Hi Aki,
On 30/10/2017 12:43 AM, Aki Tuomi wrote:
On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dove...@reub.net> wrote:
Hi again,
Chasing down one last problem which seems to have been missed from my
last email:
On 20/10/2017 9:22 PM, Stephan Bosch wrote:
On 20-10-2017 at 4:23, Reuben Farrelly wrote:
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dove...@reub.net>
wrote:
This problem below is still present in 2.3 -git, as of version 2.3.devel
(6fc40674e)
Secondly, this ssl_dh message is always printed from doveconf:
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd
if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
-inform der > /etc/dovecot/dh.pem
Yet the file is there:
thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
And the config is there as well:
thunderstorm dovecot # doveconf -P | grep ssl_dh
ssl_dh = </etc/dovecot/dh.pem
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd
if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
-inform der > /etc/dovecot/dh.pem
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
thunderstorm dovecot #
It appears that this warning is being triggered by the presence of
the ssl-parameters.dat file because when I remove it the warning
goes away. Perhaps the warning could be made a bit more specific
about this file being removed if it is not required because at the
moment the warning message is not related to the trigger.
Thanks,
Reuben
Thanks,
Reuben
It is triggered when there is an ssl-parameters.dat file *AND* there is no
ssl_dh=< explicitly set in the config file.
Aki
I have this already in my 10-ssl.conf file:
lightning dovecot # /etc/init.d/dovecot reload
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd
if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform
der > /etc/dovecot/dh.pem
* Reloading dovecot configs and restarting auth/login processes
... [ ok ]
lightning dovecot #
However:
lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
# gives on startup when ssl_dh is unset.
ssl_dh=</etc/dovecot/dh.pem
lightning dovecot #
and the file is there:
lightning dovecot # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
lightning dovecot #
So it is actually configured and yet the warning still is present.
Reuben
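
The rule stated in the thread (warn when ssl-parameters.dat exists and no explicit ssl_dh=< is set) can be checked against a host as below. This is an added example, not part of the original messages and not Dovecot code; the function names are hypothetical, the two directories are passed as arguments, and it assumes settings live in `*.conf` files under the configuration directory.

```shell
#!/bin/sh
# Added example: evaluates the condition stated in the thread, nothing more.
# It does not reproduce doveconf's own include or parsing logic (assumption:
# every relevant setting is in a *.conf file below CONF_DIR).

# has_explicit_ssl_dh CONF_DIR
# Succeeds if an uncommented "ssl_dh = <path" line exists in any *.conf file.
has_explicit_ssl_dh() {
    # Anchoring at line start skips comment lines that merely mention ssl_dh,
    # such as "# gives on startup when ssl_dh is unset."
    find "$1" -type f -name '*.conf' -exec cat {} + 2>/dev/null |
        grep -E '^[[:space:]]*ssl_dh[[:space:]]*=[[:space:]]*<[^[:space:]]' \
            >/dev/null
}

# dh_warning_expected CONF_DIR STATE_DIR
# Prints a diagnosis; returns 0 only when the stated rule predicts the warning.
dh_warning_expected() {
    legacy="$2/ssl-parameters.dat"
    if [ ! -f "$legacy" ]; then
        echo "no $legacy: warning not expected"
        return 1
    fi
    if has_explicit_ssl_dh "$1"; then
        echo "$legacy present, ssl_dh=< set: warning not expected by the stated rule"
        return 1
    fi
    echo "$legacy present, no explicit ssl_dh=<: warning expected"
    return 0
}

# Stand-alone use: sh check.sh /etc/dovecot /var/lib/dovecot
if [ "$#" -ge 2 ]; then
    dh_warning_expected "$1" "$2"
fi
```

If this reports the warning as not expected while doveconf still prints it, the host is in the state described in the last message above.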