dovecot-2.3 (-git) Warning and Fatal Compile Error

Aki Tuomi aki.tuomi at dovecot.fi
Mon Oct 30 09:10:30 EET 2017



On 30.10.2017 00:23, Reuben Farrelly wrote:
> Hi Aki,
>
> On 30/10/2017 12:43 AM, Aki Tuomi wrote:
>>> On October 29, 2017 at 1:55 PM Reuben Farrelly
>>> <reuben-dovecot at reub.net> wrote:
>>>
>>>
>>> Hi again,
>>>
>>> Chasing down one last problem which seems to have been missed from my
>>> last email:
>>>
>>> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>>>>
>>>> Op 20-10-2017 om 4:23 schreef Reuben Farrelly:
>>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot at reub.net>
>>>>>> wrote:
>>> This problem below is still present in 2.3 -git, as of version
>>> 2.3.devel
>>> (6fc40674e)
>>>
>>>>>> Secondly, this ssl_dh message is always printed from doveconf:
>>>>>>
>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>
>>>>>> Yet the file is there:
>>>>>>
>>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>>>>
>>>>>> And the config is there as well:
>>>>>>
>>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>>>>> ssl_dh = </etc/dovecot/dh.pem
>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>    ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>> thunderstorm dovecot #
>>>>>>
>>>>>> It appears that this warning is being triggered by the presence of
>>>>>> the ssl-parameters.dat file because when I remove it the warning
>>>>>> goes away. Perhaps the warning could be made a bit more specific
>>>>>> about this file being removed if it is not required because at the
>>>>>> moment the warning message is not related to the trigger.
>>>>>>
>>>>>> Thanks,
>>>>>> Reuben
>>> Thanks,
>>> Reuben
>> It is triggered when there is ssl-parameters.dat file *AND* there is
>> no ssl_dh=< explicitly set in config file.
>>
>> Aki
>
> I have this already in my 10-ssl.conf file:
>
> lightning dovecot # /etc/init.d/dovecot reload
> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
> doveconf: Warning: You can generate it with: dd
> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
> -inform der > /etc/dovecot/dh.pem
>  * Reloading dovecot configs and restarting auth/login processes
> ...      [ ok ]
> lightning dovecot #
>
> However:
>
> lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
> # gives on startup when ssl_dh is unset.
> ssl_dh=</etc/dovecot/dh.pem
> lightning dovecot #
>
> and the file is there:
>
> lightning dovecot # ls -la /etc/dovecot/dh.pem
> -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
> lightning dovecot #
>
> So it is actually configured and yet the warning still is present.
>
> Reuben

Hi!

I gave this a try, and I was not able to repeat this issue. Perhaps you
are still missing ssl_dh somewhere?

Aki
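
An added example, not part of the thread and not Dovecot code: a shell check for the condition stated above (an ssl-parameters.dat file exists and no ssl_dh=< is explicitly set), which skips comment lines such as the one the grep of 10-ssl.conf matched. The function names are hypothetical, and the script only text-matches files on disk; it does not reproduce how doveconf parses or includes configuration.

```shell
#!/bin/sh
# Added example. Usage: sh check_ssl_dh.sh CONF_DIR STATE_DIR
# (the thread uses /etc/dovecot and /var/lib/dovecot).
# Assumption: plain text matching only; doveconf's own parsing is not modelled.

# Print "file:line:text" for every uncommented "ssl_dh = <..." line under CONF_DIR.
# Lines starting with "#" do not match, so a commented-out setting or a comment
# that merely mentions ssl_dh is not counted as configuration.
list_ssl_dh_settings() {
    grep -rnE '^[[:space:]]*ssl_dh[[:space:]]*=[[:space:]]*<' "$1" 2>/dev/null
}

# Return 0 when both halves of the condition stated in the thread hold:
#   1. STATE_DIR/ssl-parameters.dat exists, and
#   2. no file under CONF_DIR sets ssl_dh=< explicitly.
ssl_dh_warning_expected() {
    conf_dir=$1
    state_dir=$2
    [ -f "$state_dir/ssl-parameters.dat" ] || return 1
    if list_ssl_dh_settings "$conf_dir" >/dev/null; then
        return 1
    fi
    return 0
}

# Only runs when two directories are given on the command line.
if [ "$#" -eq 2 ]; then
    if ssl_dh_warning_expected "$1" "$2"; then
        echo "ssl-parameters.dat present and no uncommented ssl_dh=< found under $1"
    elif [ -f "$2/ssl-parameters.dat" ]; then
        echo "ssl-parameters.dat present; ssl_dh=< is set here:"
        list_ssl_dh_settings "$1"
    else
        echo "no ssl-parameters.dat in $2"
    fi
fi
```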

