Hello everyone,
Problem info:
An error occurs while trying to establish a TLS/SSL secured connection
to a database (mariadb), which has the ability to accept TLS/SSL
connections.
Analysis from the Archlinux Gitlab issue by Toolybird, which can be found
under the following link:
https://gitlab.archlinux.org/archlinux/packaging/packages/dovecot/-/issues/12#note_382396
> Thanks for reporting. It would appear to be some kind of (upstream?)
> bug in the autofoo. The error message can be traced back to
> HAVE_MYSQL_SSL being undefined when it should be defined. This is
> reflected in log:
> https://reproducible.archlinux.org/api/v0/builds/946041/log
> It took quite some debugging, but adding the following hack before the
> autoreconf call appears to make it work:
> checking for mysql_ssl_set in -llibmariadb... no
> sed -i 's/mysql_driver="libmariadb"/mysql_driver="mariadb"/' m4/want_mysql.m4
> After that it now shows:
> checking for mysql_ssl_set in -lmariadb... yes
Steps to reproduce:
1. Configure dovecot 2.4.2-4 as described below
2. Restart dovecot 2.4.2-4
3. Try to send an email (echo "Test-E-Mail" | /usr/sbin/sendmail root)
4. Determine error messages inside dovecot 2.4.2-4-Log
Dec 22 04:57:38 server dovecot[842]: auth: Error: mysql(db.idmz.tachtler.net): mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings)
Dec 22 04:57:38 server dovecot[842]: auth-worker: Error: mysql(db.idmz.tachtler.net): mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings)
Additional info:
OS version: Archlinux
package version(s): dovecot 2.4.2-4
necessary config file part:
sql_driver = mysql

mysql db.idmz.tachtler.net {
  host = db.idmz.tachtler.net
  port = 3306
  user = postfixuser
  password = geheim
  dbname = postfix
  ssl = yes
  ssl_client_ca_file = /etc/dovecot/ssl/certs/CAcert.pem
  ssl_client_cert_file = /etc/dovecot/ssl/certs/client.idmz.tachtler.net.pem
  ssl_client_key_file = /etc/dovecot/ssl/private/client.idmz.tachtler.net.key.pem
  ssl_cipher_list = DHE-RSA-AES256-SHA
}
WITHOUT the following lines, a database connection is possible and works
as expected:
  ssl = yes
  ssl_client_ca_file = /etc/dovecot/ssl/certs/CAcert.pem
  ssl_client_cert_file = /etc/dovecot/ssl/certs/client.idmz.tachtler.net.pem
  ssl_client_key_file = /etc/dovecot/ssl/private/client.idmz.tachtler.net.key.pem
  ssl_cipher_list = DHE-RSA-AES256-SHA
Thank you in advance for your help!
Klaus Tachtler.
--
---------------------------------------
e-Mail : [email protected]
Homepage: https://www.tachtler.net
DokuWiki: https://dokuwiki.tachtler.net
---------------------------------------
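
The analysis quoted in the post above comes down to one line of configure output. As an added example (not part of the original post, nor of the dovecot or Arch Linux build scripts), this shell function scans a build log for that probe and fails when the MySQL TLS check did not succeed; the function name, the exit codes and the sample variables are assumptions of the example.

```shell
#!/bin/sh
# Added example: gate a package build on the mysql_ssl_set configure probe.

# Reads configure output on stdin and prints one verdict per probe line.
# Exit status: 0 = a probe answered yes, 1 = every probe answered no,
#              2 = the probe never ran.
check_mysql_ssl_probe() {
    awk '
    /checking for mysql_ssl_set in -l/ {
        s = $0
        sub(/^.*checking for mysql_ssl_set in -l/, "", s)  # "libmariadb... no"
        n = index(s, "... ")
        if (n == 0) next
        lib = substr(s, 1, n - 1)
        res = substr(s, n + 4)
        sub(/[ \t\r]+$/, "", res)
        sub(/^\(cached\) /, "", res)     # autoconf prefixes cached answers
        seen = 1
        if (res == "yes") {
            ok = 1
            printf "OK   -l%s: mysql_ssl_set probe succeeded\n", lib
        } else if (lib ~ /^lib/) {
            # -lNAME makes the linker search for libNAME, so a name that
            # already starts with "lib" is looked up as liblib...
            printf "FAIL -l%s: linker looks for lib%s (doubled lib prefix)\n", lib, lib
        } else {
            printf "FAIL -l%s: mysql_ssl_set not found\n", lib
        }
    }
    END {
        if (!seen) { print "FAIL no mysql_ssl_set probe in this log"; exit 2 }
        exit (ok ? 0 : 1)
    }'
}

# Sample inputs for the example: the two probe lines quoted in the post.
SAMPLE_BROKEN='checking for mysql_ssl_set in -llibmariadb... no'
SAMPLE_FIXED='checking for mysql_ssl_set in -lmariadb... yes'

# Optional stand-alone use: pass the path of a saved build log.
if [ "$#" -gt 0 ]; then
    check_mysql_ssl_probe < "$1"
fi
```

Run against a saved build log, a non-zero exit status lets a packaging pipeline stop before it ships a binary that rejects the `ssl_client_*` settings at runtime.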