Strange ssl/dso troubles on freeBSD13.3

[Georg Graf via dovecot]

Hi, I'm George and I think I've been running dovecot for like more than 
a decade now without any troubles, so: WOW!

Nevertheless, after an upgrade from FreeBSD 13.2 to 13.3 plus "pkg 
upgrade" my dovecot installation refuses to load the ssl certificates.
I've tried a version built from source as well as the package.
The Problem seems to be something with loading of DSO's:
=========================================================================================================
Jul 31 16:42:11 murl dovecot[10801]: imap-login: Error: Failed to 
initialize SSL server context: Can't load SSL certificate (ssl_cert 
setting): error:25066067:DSO support routines:dlfcn_load:could not load 
the shared library: filename(libproviders.so): Shared object 
"libproviders.so" not found, required by "imap-login", 
error:25070067:DSO support routines:DSO_load:could not load the shared 
library, error:0E07506E:configuration file 
routines:module_load_dso:error loading dso: module=providers, 
path=providers, error:0E076071:configuration file routines:mo
=========================================================================================================

I have never seen 'libproviders' and there's not a lot on it on the 
internet as well.

Here comes my (dead-simple) 'dovecot -n':
=========================================================================================================
# 2.3.21 (47349e2482): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 13.3-RELEASE-p4 amd64
# Hostname: murl.graf.priv.at
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:~/Maildir:LAYOUT=fs:INBOX=~/Maildir
passdb {
  driver = pam
}
protocols = imap
ssl_cert = </root/.acme.sh/graf.priv.at/fullchain.cer
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = blocking=yes
  driver = passwd
}
verbose_ssl = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}
=========================================================================================================

My openssl s_client shows that the server hangs up (while producing the 
above log entry):
=========================================================================================================
# openssl s_client -servername graf.priv.at -connect graf.priv.at:imaps
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 314 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
=========================================================================================================

Just to mention: plaintext IMAP is still working:
=========================================================================================================
# telnet graf.priv.at imap
Trying 78.41.116.33...
Connected to graf.priv.at.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
u login georg <mysupersecretpassword>
u OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT 
MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAM
ESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT 
SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY 
PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITE
RAL+ NOTIFY] Logged in
r select INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft $Forwarded $MDNSent 
$label5 $label3)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft 
$Forwarded $MDNSent $label5 $label3 \*)] Flags permitted.
* 359 EXISTS
* 0 RECENT
* OK [UNSEEN 2] First unseen.
* OK [UIDVALIDITY 1509040425] UIDs valid
* OK [UIDNEXT 11767] Predicted next UID
* OK [HIGHESTMODSEQ 19640] Highest
r OK [READ-WRITE] Select completed (0.006 + 0.000 + 0.005 secs).
s logout
* BYE Logging out
s OK Logout completed (0.001 + 0.000 secs).
Connection closed by foreign host.
=========================================================================================================

Any helping hint is highly appreciated!

Thank you very much,

   George

_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org