HELP!!! Re: [Dovecot] Specifying which openssl to use

Chase chase at osdev.org
Sun Jun 4 09:18:53 EEST 2006 

We'll I've spent the entire day trying to make Dovecot with TLS/SSL work 
on Solaris 10 and I'm not any closer.

This is Solaris 10 x86 Update 1 and Dovecot 1 Beta 8.

bash-3.00# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004

The reason I think the bundled openssl is broken is because Thunderbird 
can receive the cert but the connection drops, turning on all the 
logging in dovecot I find this in my syslog:

Jun  4 00:50:30 hosting dovecot: [ID 107833 mail.warning] imap-login: 
SSL_accept() failed: error:1409D08A:SSL 
routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable [205.19
6.182.15]

I found some messages on the imap-uw mailing list that indicate that 
this error could be caused by the bundled openssl. I've installed the 
latest openssl from source without problem and an updated packaged 
version from sunfreeware.com. I just can't seem to make Dovecot use them.

I've used crle to include /usr/local/ssl/lib in my library path.
I've tried PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig with my configure
I've tried CPPFLAGS=-I/usr/local/ssl/include 
LDFLAGS='-L/usr/local/ssl/lib' ./configure --prefix=/opt/dovecot 
--with-ssl=openssl --with-ssldir=/etc/sslcerts
I've tried CPPFLAGS=-I/usr/local/ssl/include 
LDFLAGS='-L/usr/local/ssl/lib -ldl' ./configure --prefix=/opt/dovecot 
--with-ssl=openssl --with-ssldir=/etc/sslcerts

When I set the PKG_CONFIG_PATH the messages produced by configure and 
make make me think that /usr/local/ssl will be used.

Using "truss -f /opt/dovecot/sbin/dovecot 2> /tmp/dove.txt" I can see 
several references to the wrong libssl such as 
"open("/usr/sfw/lib/libssl.so.0.9.7", O_RDONLY)  = 3".

Does anyone know how to make Dovecot use a specified install of openssl? 
Or how to make Dovecot and the Solaris bundled openssl work?

-Chase


Chase wrote:
> I'm trying to setup dovecot on Solaris 10. I can get it all working 
> except TLS/SSL. I traced my problem down to the version of openssl 
> that Solaris 10 ships with. The fix is supposed to be to use a newer 
> version of openssl. Without removing the built-in version of openssl 
> I've installed openssl-0.9.8b to /usr/local.
>
> When I "./configure" dovecot it seems to always pick up the broken 
> version of openssl in /usr/sfw.  How do I make dovecot use an 
> alternate copy of openssl? How is it even finding the one in /usr/sfw?
>
> Thanks,
> -Chase
>
> I tried setting CPPFLAGS and LDFLAGS already.
>

More information about the dovecot mailing list