Displaying 20 results from an estimated 4000 matches similar to: "SSL error after upgrading to 2.31"
2018 May 21
1
SSL error after upgrading to 2.31
After upgrading to 2.31 I'm getting this error. Not sure what I'm doing
wrong.
No (No signatures could be verified because the chain contains only one
certificate and it is not self signed.)
ssl = yes
ssl_cert = </etc/exim/certs/ctyme.com.crt
ssl_key = </etc/exim/certs/ctyme.com.key
ssl_ca = </etc/exim/certs/ca.crt
local mail.ctyme.com {
? protocol imap {
??? ssl_cert =
2018 May 28
2
SSL error after upgrading to 2.31
On 28.05.2018 12:06, Hauke Fath wrote:
> On 05/21/18 17:55, Aki Tuomi wrote:
>> ssl_ca is used only for validating client certificates.
>
> But it was used (though not documented, IIRC) for validating server
> certs, too. Since intermediate CA certs are usually valid a lot longer
> than the server certs, having to concat the certs is awkward, at best.
>
> I would very
2018 May 28
2
SSL error after upgrading to 2.31
On 28.05.2018 13:05, Hauke Fath wrote:
> On 05/28/18 11:08, Aki Tuomi wrote:
>>
>>
>> On 28.05.2018 12:06, Hauke Fath wrote:
>>> On 05/21/18 17:55, Aki Tuomi wrote:
>>>> ssl_ca is used only for validating client certificates.
>>>
>>> But it was used (though not documented, IIRC) for validating server
>>> certs, too. Since
2018 May 28
3
SSL error after upgrading to 2.31
On 28.05.2018 14:30, Hauke Fath wrote:
> On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote:
>> I'm sure. But putting it as ssl_ca makes no sense, since it becomes
>> confused what it is for.
> I guess - I haven't had a need for client certs, and only ever used
> ssl_ca for the server ca chain.
>
>> We can try restoring this as ssl_cert_chain setting in
2018 Nov 15
1
dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression
On 11/13/18 19:58, Aki Tuomi wrote:
> On 13 November 2018 at 20:53 Arkadiusz Mi?kiewicz wrote:
>> I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to
>> dovecot 2.3.3 run with openssl 1.1.1.
>>
>> Currently I have both variants running with identical configs and certs
>> (the only differences are due to config syntax changes in dovecot
2018 Jan 11
2
Dovecot 2.3.0 TLS
All,
our dovecot installation provides a bundle of intermedia CA
certificates using the ssl_ca option.
2.3.0 does not supply the bundle, resulting in various clients either
complaining about an unverifiable server cert, or quietly not
connecting. The log has
Jan 5 17:01:46 Bounce dovecot: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=XXX, lip=YYY, TLS
2018 Jan 11
6
Dovecot 2.3.0 TLS
On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote:
> Was the certificate path bundled in the server certificate?
No, as a separate file, provided from the local (intermediate) CA:
ssl_cert = </etc/openssl/certs/server.cert
ssl_key = </etc/openssl/private/server.key
ssl_ca = </etc/openssl/certs/ca-cert-chain.pem
Worked fine with 2.2.x, 2.3 gives
% openssl s_client -connect XXX:993
2019 Aug 08
1
Upgrading to v2.3.X breaks ssl san?
On Wed, 7 Aug 2019 20:24:13 +0300 (EEST), Aki Tuomi via dovecot wrote:
>> i thought ssl_ca is where to put the intermediate cert?
Well, it surely worked that way until v2.3...
> (Sorry for duplicate mail, keyboard acted up...)
>
> No, that has always been a mistake and it was fixed in 2.3. Our SSL
> pages in documentation & wiki have always recommended concatenating
>
2019 Aug 06
7
Upgrading to v2.3.X breaks ssl san?
2018 Nov 13
2
dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression
Hi.
I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to
dovecot 2.3.3 run with openssl 1.1.1.
Currently I have both variants running with identical configs and certs
(the only differences are due to config syntax changes in dovecot 2.3),
so for example on both I have:
ssl_ca = </etc/openssl/certs/wildcard_ca.pem
(this file contains single intermediate certificate of
2018 Jan 11
3
Dovecot 2.3.0 TLS
On Thu, 11 Jan 2018 13:22:07 +0200, Aki Tuomi wrote:
> Can you try if it works if you concatenate the cert and cert-chain
> to single file? We'll start looking if this is misunderstanding or bug.
This is a production machine, so I would rather stick with the
downgrade until you've looked into the issue. I went home late
yesterday. ;)
Cheerio,
Hauke
--
The ASCII Ribbon
2005 Jul 16
1
Compiling under Fedora Core 4 - Problem
OK - trying to migrate to dovecot and I like what I see so far, but
having a hard time getting it to work. I decided to go with the 1.0
version because I need to get away from the ~/Mail namespace. I'm trying
to port from a Linuxconf virtual WU-IMAP type config.
So - I compiled but then decided I wanted mysql so I tried to
reconfigure and now getting compile errors. Looks like I'm
2016 Apr 26
2
v2.2.24 released
http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz.sig
This should be a good release. :)
* doveconf now warns if it sees a global setting being changed when
the same setting was already set inside some filters. (A common
mistake has been adding more plugins to a global mail_plugins
setting after it was already set inside protocol
2016 Apr 26
2
v2.2.24 released
http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz.sig
This should be a good release. :)
* doveconf now warns if it sees a global setting being changed when
the same setting was already set inside some filters. (A common
mistake has been adding more plugins to a global mail_plugins
setting after it was already set inside protocol
2019 Jul 02
3
Dovecot 2.3.0 TLS
On 11.01.2018 13:20, Hauke Fath wrote:
>/On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: />>/Was the certificate path bundled in the server certificate? />/No, as a separate file, provided from the local (intermediate) CA: />//>/ssl_cert = </etc/openssl/certs/server.cert />/ssl_key = </etc/openssl/private/server.key />/ssl_ca =
2018 May 28
0
SSL error after upgrading to 2.31
On 05/28/18 11:08, Aki Tuomi wrote:
>
>
> On 28.05.2018 12:06, Hauke Fath wrote:
>> On 05/21/18 17:55, Aki Tuomi wrote:
>>> ssl_ca is used only for validating client certificates.
>>
>> But it was used (though not documented, IIRC) for validating server
>> certs, too. Since intermediate CA certs are usually valid a lot longer
>> than the server
2005 Dec 14
2
"pipe() failed: Too many open files" - ??
Hi list,
after about a day of operation, dovecot 1.0alpha5 (NetBSD/i386 2.1)
died on me with
Dec 14 10:53:52 bounce dovecot: pipe() failed: Too many open files
Dec 14 10:54:23 bounce last message repeated 279661 times
Dec 14 10:56:23 bounce last message repeated 1071807 times
Dec 14 10:56:59 bounce last message repeated 325386 times
-- any ideas on what to tune?
hauke
--
/~\ The ASCII
2018 May 28
0
SSL error after upgrading to 2.31
On 05/21/18 17:55, Aki Tuomi wrote:
> ssl_ca is used only for validating client certificates.
But it was used (though not documented, IIRC) for validating server
certs, too. Since intermediate CA certs are usually valid a lot longer
than the server certs, having to concat the certs is awkward, at best.
I would very much like to see the pre-2.3 behaviour of "ssl_ca" restored.
2018 May 28
0
SSL error after upgrading to 2.31
On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote:
> I'm sure. But putting it as ssl_ca makes no sense, since it becomes
> confused what it is for.
I guess - I haven't had a need for client certs, and only ever used
ssl_ca for the server ca chain.
> We can try restoring this as ssl_cert_chain setting in future release.
Sounds good. How about (re)naming them
2004 Jun 24
2
0.99.10.6 -imap flag update problem still present
Hi,
the email status problem that I reported for Dovecot 0.99.10.5 on
June 3rd does still show up in 0.99.10.6. Quoting myself:
(1) When new mail is delivered to the inbox, the last read mail(s) change(s)
to "unread". Clients: Eudora 6 (Mac), Mozilla 1.6 (NetBSD, Linux, Win
XP), MS Outlook.
(2) When you attempt to move mails from the inbox to another folder
with Mozilla
(1.6 on