search for: ssl_verify_server_cert

...On Thu, Apr 18, 2019, at 12:15 PM, TG Servers via dovecot wrote: > Ok then it seems again a MariaDB issue, they don't check against IP in the SAN it seems, this has nothing to do with ssl_ca setting it seems > > host=<ip> port=<port> dbname=<db> user=<user> ssl_verify_server_cert=yes ssl_cipher=TLSv1.2 ssl_ca=/etc/ssl/certs/ca-bundle.crt password=<pwd> > brings up this > *Connect failed to database (vmail): SSL connection error: SSL certificate validation failure * > > host=<host> port=<port> dbname=<db> user=<user> ssl_verify_ser...

> On 18 April 2019 11:34 TG Servers via dovecot <dovecot at dovecot.org> wrote: > > > Hi, > > when using ssl_verify_server_cert in mysql connection string, is the cert verified also against SAN (DNS and IP)? > Because this doesn't seem to work. I get a certification verification error in handshake when connecting via IP. > But the cert is good as the connection via IP (and IP in the SAN of the cert) works from...

Hello! I'm attempting to get Dovecot working with MySQL user database on another machine. I can connect to the MySQL (5.7.26) instance with SSL enabled: ?mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem --ssl-cert=/etc/dovecot/client-cert.pem --ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -u vmail -p However if I use the same values in dovecot-sql.conf.ext, I

...t.ee): Connect failed to database (vmail): SSL connection > error: Failed to set ciphers to use - waiting for 1 seconds before retry > > Any ideas? > > Thanks! > Reio One difference between your testing manually with mysql client and the same configuration in dovecot is the "ssl_verify_server_cert" parameter. Dovecot is setting it if it is not specified. So to make the tests the same you should either specify the --ssl_verify_server_cert parameter to mysql or set it to no in the dovecot configuration. John

...ecot.org/UserDatabase + imap: Implemented SETQUOTA command for admin user when quota_set is configured. See http://master.wiki2.dovecot.org/Quota/Configuration + quota: Support "*" and "?" wildcards in mailbox names in quota_rules + mysql: Added ssl_verify_server_cert=no|yes parameter. This currently defaults to "no" to make sure nothing breaks, but likely will become "yes" in Dovecot v2.3. + ldap: Added blocking=yes setting to use auth worker processes for ldap lookups. This is a workaround for now to be...

...ecot.org/UserDatabase + imap: Implemented SETQUOTA command for admin user when quota_set is configured. See http://master.wiki2.dovecot.org/Quota/Configuration + quota: Support "*" and "?" wildcards in mailbox names in quota_rules + mysql: Added ssl_verify_server_cert=no|yes parameter. This currently defaults to "no" to make sure nothing breaks, but likely will become "yes" in Dovecot v2.3. + ldap: Added blocking=yes setting to use auth worker processes for ldap lookups. This is a workaround for now to be...