On 7/8/20 7:57 PM, Aisha Tammy wrote:
On dovecots side, I get:
Jul 8 20:28:59 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs):
user=<>, rip=98.109.25.191, lip=108.61.81.40, TLS handshaking: SSL_accept()
failed: error:14037418:SSL routines:ACCEPT_SR_KEY_EXCH:tlsv1 alert unknown ca: SSL
alert number 48, session=<teKGT/epjA9ibRm/>
I think this might be some error with either ssl lib things in php or something
similar.
(An unlikelier scenario is that I have some errors with my dovecot imap ssl,
but every other client, thunderbird/fairmail/k-9 mail are authenticating fine)
I think it's actually a lot more likely, but you don't provide much
information about how you configured dovecot.
The dovecot error is that it doesn't recognize the CA, which suggests
the client (roundcube) is *sending* a certificate. If you a) turned onĀ
'ssl_verify_client_cert' in Dovecot, b) set 'local_cert' in
$config['imap_conn_options']['ssl'] in Roundcube, c) did not configure a
client certificate with any other client, and d) did not have 'ssl_ca'
set correctly in dovecot, I believe you would get this error.
--
Matthew Weigel
hacker
unique & idempot . ent
