On Wed, Jul 31, 2024 at 6:11 PM Georg Graf via dovecot <dovecot@dovecot.org>
wrote:

> Hi, I'm George and I think I've been running dovecot for like more than
> a decade now without any troubles, so: WOW!
>
> Nevertheless, after an upgrade from FreeBSD 13.2 to 13.3 plus "pkg
> upgrade" my dovecot installation refuses to load the ssl certificates.
> I've tried a version built from source as well as the package.
>
> The problem seems to be something with loading of DSOs:
>
> =========================================================================================================
> Jul 31 16:42:11 murl dovecot[10801]: imap-login: Error: Failed to
> initialize SSL server context: Can't load SSL certificate (ssl_cert
> setting): error:25066067:DSO support routines:dlfcn_load:could not load
> the shared library: filename(libproviders.so): Shared object
> "libproviders.so" not found, required by "imap-login",
> error:25070067:DSO support routines:DSO_load:could not load the shared
> library, error:0E07506E:configuration file
> routines:module_load_dso:error loading dso: module=providers,
> path=providers, error:0E076071:configuration file routines:mo
>
> =========================================================================================================
>
> I have never seen 'libproviders' and there's not a lot on it on the
> internet either.
>
> Here comes my (dead-simple) 'dovecot -n':
>
> =========================================================================================================
> # 2.3.21 (47349e2482): /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 13.3-RELEASE-p4 amd64
> # Hostname: murl.graf.priv.at
> auth_mechanisms = plain login
> disable_plaintext_auth = no
> mail_location = maildir:~/Maildir:LAYOUT=fs:INBOX=~/Maildir
> passdb {
>    driver = pam
> }
> protocols = imap
> ssl_cert = </root/.acme.sh/graf.priv.at/fullchain.cer
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
>    args = blocking=yes
>    driver = passwd
> }
> verbose_ssl = yes
> protocol imap {
>    imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
> }
>
> =========================================================================================================
>
> My openssl s_client shows that the server hangs up (while producing the
> above log entry):
>
> =========================================================================================================
> # openssl s_client -servername graf.priv.at -connect graf.priv.at:imaps
> CONNECTED(00000003)
> write:errno=0
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 314 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
>
> =========================================================================================================
>
> Just to mention: plaintext IMAP is still working:
>
> =========================================================================================================
> # telnet graf.priv.at imap
> Trying 78.41.116.33...
> Connected to graf.priv.at.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
> u login georg <mysupersecretpassword>
> u OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT
> SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT
> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAM
> ESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT
> SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY
> PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITE
> RAL+ NOTIFY] Logged in
> r select INBOX
> * FLAGS (\Answered \Flagged \Deleted \Seen \Draft $Forwarded $MDNSent
> $label5 $label3)
> * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft
> $Forwarded $MDNSent $label5 $label3 \*)] Flags permitted.
> * 359 EXISTS
> * 0 RECENT
> * OK [UNSEEN 2] First unseen.
> * OK [UIDVALIDITY 1509040425] UIDs valid
> * OK [UIDNEXT 11767] Predicted next UID
> * OK [HIGHESTMODSEQ 19640] Highest
> r OK [READ-WRITE] Select completed (0.006 + 0.000 + 0.005 secs).
> s logout
> * BYE Logging out
> s OK Logout completed (0.001 + 0.000 secs).
> Connection closed by foreign host.
>
> =========================================================================================================
>
> Any helping hint is highly appreciated!
>
> Thank you very much,
>

I am not the expert here, but did you complete your upgrade of FreeBSD?
It appears that the breakage is something to do with OpenSSL on your system
rather than dovecot.
I'd suggest you look into your update and see if you have the correct
version of openssl that you expect with 13.3-RELEASE.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
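
The check suggested in the reply, as an added example that is not part of the thread or of dovecot. It assumes one cause consistent with the logged `module=providers` error: an `openssl.cnf` carrying the OpenSSL 3 `providers` directive being read by a pre-3.0 library, which tries to load the unknown module as a DSO. The function names, sample config and version banners are constructed.

```shell
# Added example: flag an openssl.cnf that requests provider loading when the
# library reading it predates OpenSSL 3 (assumed cause; see the lead-in).

# Print the section named by "providers" in the init section selected by
# openssl_conf. Returns 0 if that key exists, 1 otherwise.
providers_directive() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        /^\[.*\]$/ { sec = substr($0, 2, length($0) - 2); gsub(/[ \t]/, "", sec); next }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v)
            if (sec == "" && k == "openssl_conf") init = v
            else if (k == "providers") prov[sec] = v
        }
        END { if (init != "" && (init in prov)) print prov[init]; else exit 1 }
    ' "$1"
}

# Return 0 when a banner such as "OpenSSL 3.0.13 ..." reports 3.x or newer.
has_provider_support() {
    major=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9]*\)\..*/\1/p')
    [ -n "$major" ] && [ "$major" -ge 3 ]
}

# diagnose BANNER CONF: print "mismatch" or "ok".
diagnose() {
    if providers_directive "$2" >/dev/null && ! has_provider_support "$1"; then
        echo mismatch
    else
        echo ok
    fi
}

# Constructed sample config in OpenSSL 3 style (not taken from the thread).
sample=$(mktemp)
cat >"$sample" <<'EOF'
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect   # OpenSSL 3 only
[provider_sect]
default = default_sect
EOF

diagnose "OpenSSL 1.1.1w-freebsd  11 Sep 2023" "$sample"   # constructed banner
diagnose "OpenSSL 3.0.13 30 Jan 2024" "$sample"            # constructed banner
# On a real host: diagnose "$(openssl version)" /etc/ssl/openssl.cnf (path assumed)
```

The `openssl` binary on `PATH` may not be the library the mail daemon is linked against, so compare its banner with the `libssl` that `ldd` reports for the login binary.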