[Dovecot] Dovecot SSL issue on Solaris 10 x64 (64-bit)

Patric ppaaff at gmail.com
Mon Aug 21 17:30:14 EEST 2006


I'm having an issue with Thunderbird (and Opera) and Dovecot SSL on a  
Solaris 10.

My OS is Solaris 10 6/06 x86 (running in 64-bit mode) using ZFS (disk  
mirror) as the
filesystem for my users. Dovecot version is 1.0rc7 (logs below are from  
1.0rc6).

First the connection asks if the SSL-certificate should be accepted,  
accepting it
seems to work but then nothing happens. Thunderbird is quite silent, not  
always displays
an error message, it just seems that there are no emails to download.

It works fine in Mac OS X Mail.app with POP3s and IMAPs (both SSL).
But not for Thunderbird (1.5.0.5) and Opera (latest).

Setting "verbose_ssl=yes" and "auth_debug=yes" in the configuration gives  
this error
 from a Thunderbird login:
Aug 16 14:16:28 credo dovecot: [ID 107833 mail.warning] pop3-login:  
SSL_accept() failed: error:140D308A:SSL  
routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable [85.225.200.123]
Aug 16 14:16:28 credo dovecot: [ID 107833 mail.info] pop3-login:  
Disconnected: rip=85.225.200.123, lip=195.198.174.212, TLS
Aug 16 14:16:29 credo dovecot: [ID 107833 mail.warning] pop3-login:  
SSL_accept() failed: error:140D308A:SSL  
routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable [85.225.200.123]
Aug 16 14:16:29 credo dovecot: [ID 107833 mail.info] pop3-login:  
Disconnected: rip=85.225.200.123, lip=195.198.174.212, TLS

It seems to be that the OpenSSL installed with Solaris 10 is abit "broken"  
or missing
the cryptographic procotols needed. (at least from what I've read on the  
Internet)
Strange that it works fine with Mail.app on Mac OS X.

So, I installed the latest OpenSSL, compiled, tested and installed.
(no problems occured)

Back to compiling Dovecot, used this oneliner to point it to the new  
OpenSSL (and my compile settings):
env PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig ./configure  
--sysconfdir=/usr/local/etc --with-ssldir=/usr/local/etc/ssl

Worked!
bash-3.00$ egrep "^SSL_" config.log
SSL_CFLAGS='-I/usr/local/ssl/include  '
SSL_LIBS='-L/usr/local/ssl/lib -lssl -lcrypto -lsocket -lnsl -ldl  '

But gives this error message when I compile:
  gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes  
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2  
-Wbad-function-cast -I/usr/local/ssl/include -o ssl-build-param  
ssl-init-main.o ssl-init-openssl.o ssl-init-gnutls.o  ../lib/liblib.a  
-L/usr/local/ssl/lib -lssl -lcrypto -ldl -lsocket -lnsl -lrt -lsendfile
ld: warning: file /usr/local/ssl/lib/libcrypto.a(dh_asn1.o): wrong ELF  
class: ELFCLASS64
Undefined                       first referenced
symbol                             in file
DH_generate_parameters              ssl-init-openssl.o
ERR_get_error                       ssl-init-openssl.o
ERR_error_string_n                  ssl-init-openssl.o
i2d_DHparams                        ssl-init-openssl.o
ld: fatal: Symbol referencing errors. No output written to ssl-build-param
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `ssl-build-param'
Current working directory /home/nollan/work2/dovecot-1.0.rc7/src/master
*** Error code 1
The following command caused the error:
(error message removed to save space, can include if requested)

It seems that the Thunderbird/Opera SSL problem will be solved with a new  
OpenSSL.
But I seem to have problems getting Dovecot to compile with the new  
OpenSSL (64-bit issue?).

Anyone got any hints on what I should do?


With Regards,
Patric


More information about the dovecot mailing list