search for: evp_pkey_get1_ec_key

Hi, since my last update from the Dovecot Prebuilt Binary for Debian I get a lot of messages like this in mail.log: dovecot: imap-login: Error: SSL: Stacked error: error:0608308E:digital envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key Nevertheless Dovecot seems to work normally. Email client doesn't mention any error. This was my last update: Start-Date: 2015-12-04 14:00:31 Commandline: apt-get upgrade Upgrade: dovecot-core:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3), dovecot-managesieved:amd64 (2.2....

...c.. Oh yes! Sorry for not having checked this before. Jun 13 18:50:56 <my-node> dovecot: master: Error: service(pop3-login): command startup failed, throttling for 2 secs Jun 13 19:30:26 <my-node> dovecot: imap-login: Error: SSL: Stacked error: error:0608308E:digital envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key Jun 13 19:30:26 <my-node> dovecot: imap-login: Fatal: Can't load ssl_cert: error:0906D06C:PEM routines:PEM_read_bio:no start line Jun 13 19:30:26 <my-node> dovecot: master: Error: service(imap-login): command startup failed, throttling for 60 secs Jun 13 19:31:27...

.... >> >> Jun 13 18:50:56 <my-node> dovecot: master: Error: service(pop3-login): >> command startup failed, throttling for 2 secs >> Jun 13 19:30:26 <my-node> dovecot: imap-login: Error: SSL: Stacked >> error: error:0608308E:digital envelope >> routines:EVP_PKEY_get1_EC_KEY:expecting a ec key >> Jun 13 19:30:26 <my-node> dovecot: imap-login: Fatal: Can't load >> ssl_cert: error:0906D06C:PEM routines:PEM_read_bio:no start line >> Jun 13 19:30:26 <my-node> dovecot: master: Error: service(imap-login): >> command startup failed, thr...

Hi Teemu, > Could you post your doveconf -n output? # 2.2.20.rc1 (ed41702f14c2): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.10.rc1 # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.9 auth_mechanisms = plain login log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = Ready. login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k mail_location =

...ving checked this before. > > Jun 13 18:50:56 <my-node> dovecot: master: Error: service(pop3-login): > command startup failed, throttling for 2 secs > Jun 13 19:30:26 <my-node> dovecot: imap-login: Error: SSL: Stacked > error: error:0608308E:digital envelope > routines:EVP_PKEY_get1_EC_KEY:expecting a ec key > Jun 13 19:30:26 <my-node> dovecot: imap-login: Fatal: Can't load > ssl_cert: error:0906D06C:PEM routines:PEM_read_bio:no start line > Jun 13 19:30:26 <my-node> dovecot: master: Error: service(imap-login): > command startup failed, throttling for 60 s...

...gt; Jun 13 18:50:56 <my-node> dovecot: master: Error: service(pop3-login): >>> command startup failed, throttling for 2 secs >>> Jun 13 19:30:26 <my-node> dovecot: imap-login: Error: SSL: Stacked >>> error: error:0608308E:digital envelope >>> routines:EVP_PKEY_get1_EC_KEY:expecting a ec key >>> Jun 13 19:30:26 <my-node> dovecot: imap-login: Fatal: Can't load >>> ssl_cert: error:0906D06C:PEM routines:PEM_read_bio:no start line >>> Jun 13 19:30:26 <my-node> dovecot: master: Error: service(imap-login): >>> command sta...

On Sat, 13 Jun 2015 20:41:01 +0200, you wrote: >Am Samstag, den 13.06.2015, 13:40 -0400 schrieb Steve Matzura: >> On Sat, 13 Jun 2015 14:16:30 +0200, you wrote: >> >> > Am Samstag, den 13.06.2015, 08:00 -0400 schrieb Steve Matzura: >> > > >> > > All of the above specified settings are correct. Yet, when I >> > > telnet >> >

...chain_returnvalue.diff. After applying this patch the following error message appears in the logs for LMTP only (IMAP and POP3 still work fine): dovecot: lmtp(20683): Error: SSL context initialization failed, disabling SSL: Can't load SSL certificate: error:0608308E:digital envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key It turns out this issue is not related to the reading of the certificate or its associated chain. Somewhere before ssl_ctx_use_certificate_chain is called an error is put in the OpenSSL error queue which is never retrieved. Only after loading the server certificate is the queue...

...> I have seen that ( it seems ) the new solaris don't honour the > LD_LIBRARY_PATH. I'm sure it does but you shouldn't need it anyway. > The first error was a relocation error: > relocation error: file > /usr/local/dovecot/lib/dovecot/libdovecot-login.so.0: symbol > EVP_PKEY_get1_EC_KEY: referenced symbol not found > Just to bypass this phase I have linked the openssl-1.0.1e in > /usr/local/lib ( libssl and libcrypto ) but then I got a new relocation > error: > > imap: Error: dlopen(/usr/local/dovecot/lib/dovecot/lib20_fts_plugin.so) > failed: ld.so.1: imap: fata...

...ot. My version is 2.2.13 ( it was the last one, at the time of the first server setup ). I have seen that ( it seems ) the new solaris don't honour the LD_LIBRARY_PATH. The first error was a relocation error: relocation error: file /usr/local/dovecot/lib/dovecot/libdovecot-login.so.0: symbol EVP_PKEY_get1_EC_KEY: referenced symbol not found Just to bypass this phase I have linked the openssl-1.0.1e in /usr/local/lib ( libssl and libcrypto ) but then I got a new relocation error: imap: Error: dlopen(/usr/local/dovecot/lib/dovecot/lib20_fts_plugin.so) failed: ld.so.1: imap: fatal: relocation error: file /us...

..._PKEY *pkey; + const char *password; + EC_KEY *eckey; + EC_GROUP *ecgrp; + + password = *set->ssl_key_password != '\0' ? set->ssl_key_password : + getenv(MASTER_SSL_KEY_PASSWORD_ENV); + pkey = ssl_proxy_load_key(set->ssl_key, password); + if (pkey != NULL && + (eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL && + (ecgrp = EC_KEY_get0_group(eckey)) != NULL) + nid = EC_GROUP_get_curve_name(ecgrp); + EVP_PKEY_free(pkey); +#endif + return nid; +} + +static int ssl_proxy_ctx_use_certificate_chain(SSL_CTX *ctx, const char *cert) { /* mostly just copy&pasted from SSL_CTX_us...

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

...Y_id(pk)) { + case EVP_PKEY_RSA: + key->type = KEY_RSA; + key->rsa = EVP_PKEY_get1_RSA(pk); + break; + case EVP_PKEY_DSA: + key->type = KEY_DSA; + key->dsa = EVP_PKEY_get1_DSA(pk); + break; +#ifdef OPENSSL_HAS_ECC + case EVP_PKEY_EC: + key->type = KEY_ECDSA; + key->ecdsa = EVP_PKEY_get1_EC_KEY(pk); + key->ecdsa_nid = sshkey_ecdsa_key_to_nid(key->ecdsa); + if (key->ecdsa_nid == -1 || + sshkey_curve_nid_to_name(key->ecdsa_nid) == NULL) + goto err_free_sshkey; + break; +#endif + default: + verbose("%s: Unrecognised key type %d\n", __func__, EVP_PKEY_id(pk));...