Displaying 20 results from an estimated 700 matches similar to: "Dovecot 2.3.0 TLS"
2018 Jan 11
6
Dovecot 2.3.0 TLS
On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote:
> Was the certificate path bundled in the server certificate?
No, as a separate file, provided from the local (intermediate) CA:
ssl_cert = </etc/openssl/certs/server.cert
ssl_key = </etc/openssl/private/server.key
ssl_ca = </etc/openssl/certs/ca-cert-chain.pem
Worked fine with 2.2.x, 2.3 gives
% openssl s_client -connect XXX:993
2018 Jan 11
0
Dovecot 2.3.0 TLS
On 11.01.2018 12:18, Hauke Fath wrote:
> All,
>
> our dovecot installation provides a bundle of intermedia CA
> certificates using the ssl_ca option.
>
> 2.3.0 does not supply the bundle, resulting in various clients either
> complaining about an unverifiable server cert, or quietly not
> connecting. The log has
>
> Jan 5 17:01:46 Bounce dovecot: imap-login:
2019 Jul 02
3
Dovecot 2.3.0 TLS
On 11.01.2018 13:20, Hauke Fath wrote:
>/On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: />>/Was the certificate path bundled in the server certificate? />/No, as a separate file, provided from the local (intermediate) CA: />//>/ssl_cert = </etc/openssl/certs/server.cert />/ssl_key = </etc/openssl/private/server.key />/ssl_ca =
2018 Jan 11
3
Dovecot 2.3.0 TLS
On Thu, 11 Jan 2018 13:22:07 +0200, Aki Tuomi wrote:
> Can you try if it works if you concatenate the cert and cert-chain
> to single file? We'll start looking if this is misunderstanding or bug.
This is a production machine, so I would rather stick with the
downgrade until you've looked into the issue. I went home late
yesterday. ;)
Cheerio,
Hauke
--
The ASCII Ribbon
2019 Jun 29
1
Dovecot 2.3.0 TLS
On 11.01.2018 13:20, Hauke Fath wrote:
>/On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: />>/Was the certificate path bundled in the server certificate? />/No, as a separate file, provided from the local (intermediate) CA: />//>/ssl_cert = </etc/openssl/certs/server.cert />/ssl_key = </etc/openssl/private/server.key />/ssl_ca =
2018 May 28
3
SSL error after upgrading to 2.31
On 28.05.2018 14:30, Hauke Fath wrote:
> On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote:
>> I'm sure. But putting it as ssl_ca makes no sense, since it becomes
>> confused what it is for.
> I guess - I haven't had a need for client certs, and only ever used
> ssl_ca for the server ca chain.
>
>> We can try restoring this as ssl_cert_chain setting in
2018 May 28
2
SSL error after upgrading to 2.31
On 28.05.2018 12:06, Hauke Fath wrote:
> On 05/21/18 17:55, Aki Tuomi wrote:
>> ssl_ca is used only for validating client certificates.
>
> But it was used (though not documented, IIRC) for validating server
> certs, too. Since intermediate CA certs are usually valid a lot longer
> than the server certs, having to concat the certs is awkward, at best.
>
> I would very
2018 Jan 11
0
Dovecot 2.3.0 TLS
On 11.01.2018 13:20, Hauke Fath wrote:
> On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote:
>> Was the certificate path bundled in the server certificate?
> No, as a separate file, provided from the local (intermediate) CA:
>
> ssl_cert = </etc/openssl/certs/server.cert
> ssl_key = </etc/openssl/private/server.key
> ssl_ca = </etc/openssl/certs/ca-cert-chain.pem
2018 May 28
2
SSL error after upgrading to 2.31
On 28.05.2018 13:05, Hauke Fath wrote:
> On 05/28/18 11:08, Aki Tuomi wrote:
>>
>>
>> On 28.05.2018 12:06, Hauke Fath wrote:
>>> On 05/21/18 17:55, Aki Tuomi wrote:
>>>> ssl_ca is used only for validating client certificates.
>>>
>>> But it was used (though not documented, IIRC) for validating server
>>> certs, too. Since
2018 Nov 15
1
dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression
On 11/13/18 19:58, Aki Tuomi wrote:
> On 13 November 2018 at 20:53 Arkadiusz Mi?kiewicz wrote:
>> I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to
>> dovecot 2.3.3 run with openssl 1.1.1.
>>
>> Currently I have both variants running with identical configs and certs
>> (the only differences are due to config syntax changes in dovecot
2005 Dec 14
2
"pipe() failed: Too many open files" - ??
Hi list,
after about a day of operation, dovecot 1.0alpha5 (NetBSD/i386 2.1)
died on me with
Dec 14 10:53:52 bounce dovecot: pipe() failed: Too many open files
Dec 14 10:54:23 bounce last message repeated 279661 times
Dec 14 10:56:23 bounce last message repeated 1071807 times
Dec 14 10:56:59 bounce last message repeated 325386 times
-- any ideas on what to tune?
hauke
--
/~\ The ASCII
2018 May 21
2
SSL error after upgrading to 2.31
You forgot to cc the list.
ssl_ca is used only for validating client certificates.
---Aki TuomiDovecot oy
-------- Original message --------From: Marc Perkel <marc at perkel.com> Date: 21/05/2018 18:25 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Subject: Re: SSL error after upgrading to 2.31
On 05/21/2018 07:54 AM, Aki Tuomi
wrote:
2019 Aug 08
1
Upgrading to v2.3.X breaks ssl san?
On Wed, 7 Aug 2019 20:24:13 +0300 (EEST), Aki Tuomi via dovecot wrote:
>> i thought ssl_ca is where to put the intermediate cert?
Well, it surely worked that way until v2.3...
> (Sorry for duplicate mail, keyboard acted up...)
>
> No, that has always been a mistake and it was fixed in 2.3. Our SSL
> pages in documentation & wiki have always recommended concatenating
>
2016 Apr 26
2
v2.2.24 released
http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz.sig
This should be a good release. :)
* doveconf now warns if it sees a global setting being changed when
the same setting was already set inside some filters. (A common
mistake has been adding more plugins to a global mail_plugins
setting after it was already set inside protocol
2016 Apr 26
2
v2.2.24 released
http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz.sig
This should be a good release. :)
* doveconf now warns if it sees a global setting being changed when
the same setting was already set inside some filters. (A common
mistake has been adding more plugins to a global mail_plugins
setting after it was already set inside protocol
2004 Jun 24
2
0.99.10.6 -imap flag update problem still present
Hi,
the email status problem that I reported for Dovecot 0.99.10.5 on
June 3rd does still show up in 0.99.10.6. Quoting myself:
(1) When new mail is delivered to the inbox, the last read mail(s) change(s)
to "unread". Clients: Eudora 6 (Mac), Mozilla 1.6 (NetBSD, Linux, Win
XP), MS Outlook.
(2) When you attempt to move mails from the inbox to another folder
with Mozilla
(1.6 on
2004 Jun 03
1
0.99.10.5 imap flag update issues
Hi,
there is an issue left in 0.99.10.5 which (I think) is a problem with
imap status flags. It shows up in two places:
(1) When new mail is delivered to the inbox, the last read mail changes
to "unread".
(2) When you move mails from the inbox to another folder with Mozilla
(1.6 on win32, Linux, NetBSD), they are not removed from the inbox,
effectively performing a copy instead of a
2005 Nov 23
2
Dovecot logs to syslog (other than MAIL)?
I see in the config file where I can enable syslog, but then all logging
goes to the MAIL facility. I could find no reference to changing the
facility:level for syslogging. Is that implemented, or planned?
I know I could just write it to a file, but I'd prefer to use syslog
because then I can pipe it to a central logging server.
2005 Dec 16
2
out of memory on dovecot alpha5
Hello
Once a day i have these errors in doveecot.log:
===========================================
dovecot: Dec 16 14:06:04 Error: auth-worker(default): .Out of memory
(Needed 52 bytes)
dovecot: Dec 16 14:06:04 Error: auth-worker(default): sql(login,<ip>):
Password query failed: MySQL
client ran out of memory
dovecot: Dec 16 14:06:06 Info: imap-login: Disconnected: user=<login>,
2007 Jan 25
2
rc18->rc19: read/unread/reply flags broken
Timo,
This might be a bit vague, but I have noticed that rc19 seems
to have broken the read/unread/reply flags in imap. My officemate
has had problems with messages that are read and marked as read then
mysteriously get remarked as unread the next time email is checked.
I've had problems where I reply to a message and it does not get
marked as "answered". We didn't see this