search for: ssl_io

...nginx/rev/062c189fee20): For Dovecot 2.2.35: diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c index 68ec221..31d1017 100644 --- a/src/lib-ssl-iostream/iostream-openssl.c +++ b/src/lib-ssl-iostream/iostream-openssl.c @@ -324,7 +324,7 @@ static void openssl_iostream_unref(struct ssl_iostream *ssl_io) static void openssl_iostream_destroy(struct ssl_iostream *ssl_io) { - if (SSL_shutdown(ssl_io->ssl) != 1) { + if (!SSL_in_init(ssl_io->ssl) && SSL_shutdown(ssl_io->ssl) != 1) { /* if bidirectional shutdown fails we need to clear...

...g to the backends of each user. The proxies are also working as "SSL offload engines". SystemOS: Debian Stretch (9.11) on LXC Virtualization Sometimes I get the following errors in mail.err log: ... Mar 10 16:47:24 imap1 dovecot: imap-login: Panic: file iostream-openssl.c: line 599 (openssl_iostream_handle_error): assertion failed: (errno != 0) Mar 10 16:47:24 imap1 dovecot: imap-login: Fatal: master: service(imap-login): child 30431 killed with signal 6 (core dumped) Mar 10 16:47:38 imap1 dovecot: imap-login: Panic: file iostream-openssl.c: line 599 (openssl_iostream_handle_error): asse...

Hello, We upgraded one of our dovecot servers to debian stretch with dovecot 2.2.27 and since then one of our users has been experiencing random IMAP failures. We enabled raw logging at the server side and it shows normal IMAP commands/responses: 1507292522.222427 * 6 FETCH (FLAGS () BODYSTRUCTURE ("text" "plain" ("charset" "us-ascii") NIL NIL

Is there a way to log SNI hostname used in TLS session? Info is there in SSL_CTX_set_tlsext_servername_callback, dovecot copies it to ssl_io->host. Unfortunately I don't see it expanded to any variables ( http://wiki.dovecot.org/Variables ). Please consider this to be a feature request. The goal is to be able to see which hostname client used like: May 30 08:21:19 xxx dovecot: pop3-login: Login: user=<abc>, method=PLAI...

..., 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: > > On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: >> Is there a way to log SNI hostname used in TLS session? Info is there in >> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to >> ssl_io->host. >> >> Unfortunately I don't see it expanded to any variables ( >> http://wiki.dovecot.org/Variables ). Please consider this to be a feature >> request. >> >> The goal is to be able to see which hostname client used like: >> >> May 30...

.../lib/dovecot/libdovecot.so.0(+0xbce13) [0x7fafdc2e9e13] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(io_stream_unref+0x7d) [0x7fafdc2cb30d] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(o_stream_unref+0x82) [0x7fafdc2e86ae] -> /usr/local/dovecot-2.2.15/lib/dovecot/libssl_iostream_openssl.so(+0x5b93) [0! x7fafdb69cb93] -> /usr/local/dovecot-2.2.15/lib/dovecot/libssl_iostream_openssl.so(+0x5ce9) [0x7fafdb69cce9] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(ssl_iostream_unref+0x36) [0x7fafdc2b8bb9] -> /usr/local/dovecot-2.2.15/lib/dovecot/libssl_ios...

...z <arekm at maven.pl> wrote: >>> >>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: >>>> Is there a way to log SNI hostname used in TLS session? Info is there in >>>> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to >>>> ssl_io->host. >>>> >>>> Unfortunately I don't see it expanded to any variables ( >>>> http://wiki.dovecot.org/Variables ). Please consider this to be a >>>> feature request. >>>> >>>> The goal is to be able to see which hostnam...

...ils.so.1 Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /usr/lib64/dovecot/libssl_iostream_openssl.so...Reading symbols from /usr/lib/debug/usr/lib64/dovecot/libssl_iostream_openssl.so.debug...done. done. Loaded symbols for /usr/lib64/dovecot/libssl_iostream_openssl.so Core was generated by `dovecot/imap-login [4 pre-lo'. Program terminated with signal 11, Segmentation fault. #...

...ils.so.1 Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /usr/lib64/dovecot/libssl_iostream_openssl.so...Reading symbols from /usr/lib/debug/usr/lib64/dovecot/libssl_iostream_openssl.so.debug...done. done. Loaded symbols for /usr/lib64/dovecot/libssl_iostream_openssl.so Core was generated by `dovecot/imap-login [4 pre-lo'. Program terminated with signal 11, Segmentation fault. #...

..._key = # hidden, use -P to show it } backtrace: Stack trace of thread 56084: #0 0x00007fe529be2dd5 i_stream_get_root_io (libdovecot.so.0) #1 0x00007fe529be2e39 i_stream_set_input_pending (libdovecot.so.0) #2 0x00007fe527415a59 openssl_iostream_bio_sync (libssl_iostream_openssl.so) #3 0x00007fe527415c2a openssl_iostream_more (libssl_iostream_openssl.so) #4 0x00007fe527415c6b openssl_iostream_destroy (libssl_iostream_openssl.so) #5 0x00007fe529e8be72 client_unref (libdovecot-login.so...

...gt;>>> >>>>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: >>>>>> Is there a way to log SNI hostname used in TLS session? Info is there >>>>>> in SSL_CTX_set_tlsext_servername_callback, dovecot copies it to >>>>>> ssl_io->host. >>>>>> >>>>>> Unfortunately I don't see it expanded to any variables ( >>>>>> http://wiki.dovecot.org/Variables ). Please consider this to be a >>>>>> feature request. >>>>>> >>>>>...

...ot/libdovecot.so.0(+0xf5cb0) [0x7f8bb6 56bcb0] -> /usr/lib64/dovecot/libdovecot.so.0(io_remove+0x1d) [0x7f8bb656be31] -> /usr/lib64/dovecot/libdovecot.so.0(+0x10b5f8) [0x7f8bb65815f8] -> /usr/lib64/dovec ot/libdovecot.so.0(o_stream_cork+0x5a) [0x7f8bb657e289] -> /usr/lib64/dovecot/libssl_iostream_openssl.so(+0x6406) [0x7f8bb12d6406] -> /usr/lib64/dovecot/libssl_iost ream_openssl.so(openssl_iostream_bio_sync+0x18) [0x7f8bb12d6af6] -> /usr/lib64/dovecot/libssl_iostream_openssl.so(+0xa52e) [0x7f8bb12da52e] -> / usr/lib64/dovecot/libssl_iostream_openssl.so(+0xa6ef) [0x7f8bb12da...

...ot/libdovecot.so.0(+0xf5cb0) [0x7f8bb6 56bcb0] -> /usr/lib64/dovecot/libdovecot.so.0(io_remove+0x1d) [0x7f8bb656be31] -> /usr/lib64/dovecot/libdovecot.so.0(+0x10b5f8) [0x7f8bb65815f8] -> /usr/lib64/dovec ot/libdovecot.so.0(o_stream_cork+0x5a) [0x7f8bb657e289] -> /usr/lib64/dovecot/libssl_iostream_openssl.so(+0x6406) [0x7f8bb12d6406] -> /usr/lib64/dovecot/libssl_iost ream_openssl.so(openssl_iostream_bio_sync+0x18) [0x7f8bb12d6af6] -> /usr/lib64/dovecot/libssl_iostream_openssl.so(+0xa52e) [0x7f8bb12da52e] -> / usr/lib64/dovecot/libssl_iostream_openssl.so(+0xa6ef) [0x7f8bb12da...

...iusz Mi?kiewicz <arekm at maven.pl> wrote: > > > > On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: > >> Is there a way to log SNI hostname used in TLS session? Info is there in > >> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to > >> ssl_io->host. > >> > >> Unfortunately I don't see it expanded to any variables ( > >> http://wiki.dovecot.org/Variables ). Please consider this to be a > >> feature request. > >> > >> The goal is to be able to see which hostname client used li...

...; wrote: > >>> > >>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: > >>>> Is there a way to log SNI hostname used in TLS session? Info is there > >>>> in SSL_CTX_set_tlsext_servername_callback, dovecot copies it to > >>>> ssl_io->host. > >>>> > >>>> Unfortunately I don't see it expanded to any variables ( > >>>> http://wiki.dovecot.org/Variables ). Please consider this to be a > >>>> feature request. > >>>> > >>>> The goal is...

...>>>>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: > >>>>>> Is there a way to log SNI hostname used in TLS session? Info is > >>>>>> there in SSL_CTX_set_tlsext_servername_callback, dovecot copies it > >>>>>> to ssl_io->host. > >>>>>> > >>>>>> Unfortunately I don't see it expanded to any variables ( > >>>>>> http://wiki.dovecot.org/Variables ). Please consider this to be a > >>>>>> feature request. > >>>>&gt...

...SSL_CTX_set_ciphersuites() support]) ],, $SSL_LIBS) ... and, src/lib-ssl-iostream/iostream-openssl.c ... #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES if (set->ciphersuites != NULL && strcmp(ctx_set->ciphersuites, set->ciphersuites) != 0) { if (SSL_set_ciphersuitesl(ssl_io->ssl, set->ciphersuites) == 0) { *error_r = t_strdup_printf( "Can't set ciphersuites to '%s': %s", set->ciphersuites, openssl_iostream_error()); return -1; } } #endif ... suggests that ciphersuite support exists. bug, checking in ....