What are you trying to accomplish? On 7/5/2020 12:27 PM, Rupert Gallagher wrote:> This is OpenBSD with OpenSSL. There are no patches for dovecot version > 2.3.10.1: > https://github.com/openbsd/ports/tree/master/mail/dovecot/patches > <https://github.com/openbsd/ports/tree/master/mail/dovecot/patches> > > My latest run is attached. > > > make check > ... > Making check in lib-ssl-iostream > make? check-local > for bin in test-iostream-ssl; do? if !? ./$bin; then exit 1; fi;? done > test-common.c:195: Assert failed: suppress == TRUE > Error: server: SSL_accept() syscall failed: Invalid argument > ssl: handshake ....................................................... > : FAILED > Panic: file ostream.c: line 54 (o_stream_close_full): assertion > failed: (stream->real_stream->error_handling_disabled) > Abort trap (core dumped) > *** Error 1 in src/lib-ssl-iostream (Makefile:919 'check-local') > *** Error 2 in src/lib-ssl-iostream (Makefile:786 'check-am') > *** Error 1 in src (Makefile:588 'check-recursive': @fail=; if > (target_option=k; case ${target_option-} in? ?) ;;? *) echo > "am__make_runnin...) > *** Error 1 in /opt/src/dovecot-2.3.10.1 (Makefile:706 > 'check-recursive': @fail=;? if (target_option=k; case > ${target_option-} in? ?) ;;? *)...) > > > cd?/opt/src/dovecot-2.3.10.1/src/auth > > ./test-libpassword > password scheme(PLAIN) ............................................... > : ok > test-libpassword.c:48: Assert failed: password_verify(plaintext, > ¶ms, scheme, raw_password, siz, &error) == 1 > password scheme(CRYPT) ............................................... > : FAILED > password scheme(PLAIN-MD4) ........................................... > : ok > password scheme(MD5) ................................................. > : ok > password scheme(SHA1) ................................................ > : ok > ... > 1 / 25 tests failed >
Both Dovecot and OpenDKIM packages on OpenBSD are rejecting connections because of CRYPTO, and they use libressl by default. I use openssl because libressl does not implement dane, so I am recompiling both to serve my use case, and sharing results along the way. This is the opendkim error:> opendkim: ... SSL error:04FFF068:rsa routines:CRYPTO_internal:bad signatureYou already have the dovecot error. ??????? Original Message ??????? On Monday 6 July 2020 08:38, Brad Smith <brad at comstyle.com> wrote:> What are you trying to accomplish?
The dovecot error is on my compiled version, and on test only. I do not have it live, yet. The opendkim error below is from the obsd package, running live. Sent from ProtonMail mobile -------- Original Message -------- On 6 Jul 2020, 20:08, Rupert Gallagher wrote:> Both Dovecot and OpenDKIM packages on OpenBSD are rejecting connections because of CRYPTO, and they use libressl by default. I use openssl because libressl does not implement dane, so I am recompiling both to serve my use case, and sharing results along the way. > > This is the opendkim error: > >> opendkim: ... SSL error:04FFF068:rsa routines:CRYPTO_internal:bad signature > > You already have the dovecot error. > > ??????? Original Message ??????? > On Monday 6 July 2020 08:38, Brad Smith <brad at comstyle.com> wrote: > >> What are you trying to accomplish?-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20200706/7f1e4f83/attachment-0001.html>
On 2020-07-06, Rupert Gallagher <ruga at protonmail.com> wrote:> Both Dovecot and OpenDKIM packages on OpenBSD are rejecting > connections because of CRYPTO, and they use libressl by default.That's best reported with information (at least version numbers of software involved, relevant logs, and info about which server is having problems) to the package maintainer and/or libressl developers.> I use > openssl because libressl does not implement dane, so I am recompiling > both to serve my use case, and sharing results along the way.It is difficult to correctly build against openssl on a system where the OS and all other packages use libressl. If you mix the two (i.e. headers from libressl and library from openssl or vice-versa, or linking against libraries that pull in "the other" library than you're using - the obvious example in the case of Dovecot would be ldap/mariadb/pgsql libraries) then you can expect it to fail, possibly in exciting ways.