Patrick Cernko
2021-Dec-02 15:16 UTC
execve(/usr/bin/sieve-test) failed: Argument list too long
Hi Dovecot developers, while debugging the above error message from sieve-test, I found out, that the content of directive ssl_ca is added as env var SSL_CA by doveconf on execve and sieve-test now uses doveconf. In our setup, ssl_ca is set to ssl_ca = </etc/ssl/certs/ca-certificates.crt on our director servers. We have backend servers with certificates signed by two different CAs and to avoid problems if a backend switches to a different CA, I decided to allow all "known" CAs. The corresponding env var SSL_CA has more than 230500 bytes, which causes execve to fail with error E2BIG. I found a workaround for the problem by setting ssl_ca = </etc/dovecot/backendCAs.pem Where this file contains only the two CAs used atm. However I would like to request a fix for this issue as others might also want to have all "known" CAs set for dovecot director backend connections. Best, -- Patrick Cernko <pcernko at mpi-klsb.mpg.de> +49 681 9325 5815 Joint Administration: Information Services and Technology Max-Planck-Institute fuer Informatik & Softwaresysteme -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5324 bytes Desc: S/MIME Cryptographic Signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20211202/a03fae9e/attachment.bin>
Aki Tuomi
2021-Dec-03 07:04 UTC
execve(/usr/bin/sieve-test) failed: Argument list too long
> On 02/12/2021 17:16 Patrick Cernko <pcernko at mpi-klsb.mpg.de> wrote: > > > Hi Dovecot developers, > > while debugging the above error message from sieve-test, I found out, > that the content of directive ssl_ca is added as env var SSL_CA by > doveconf on execve and sieve-test now uses doveconf. > > In our setup, ssl_ca is set to > ssl_ca = </etc/ssl/certs/ca-certificates.crt > on our director servers. We have backend servers with certificates > signed by two different CAs and to avoid problems if a backend switches > to a different CA, I decided to allow all "known" CAs. The corresponding > env var SSL_CA has more than 230500 bytes, which causes execve to fail > with error E2BIG. > > I found a workaround for the problem by setting > ssl_ca = </etc/dovecot/backendCAs.pem > Where this file contains only the two CAs used atm. However I would like > to request a fix for this issue as others might also want to have all > "known" CAs set for dovecot director backend connections. > > Best, > -- > Patrick Cernko <pcernko at mpi-klsb.mpg.de> +49 681 9325 5815 > Joint Administration: Information Services and Technology > Max-Planck-Institute fuer Informatik & SoftwaresystemeHi! Thanks for reporting this issue, it's related to a known issue and will be fixed. Aki