Hi.

I think we can at least reduce the warnings by not trying to load the certificates if SSL/TLS is disabled.

from server.c line 524+:
static void server_create_sockets(ServerConfig_T * conf)
{
....
        tls_load_certs(conf);

        if (conf->ssl)
                tls_load_ciphers(conf);
....
}

I think it would be good to also put the "tls_load_certs(conf);" inside the "if (conf->ssl)" block.

Also, the other warnings could have the same condition:

from server.c line 947+:

int server_mainloop(ServerConfig_T *config, const char *service, const char *servicename)
{
...
     tls_context = tls_init();
...
}

and

void server_config_load(ServerConfig_T * config, const char * const service)
{
....
        /* read items: TLS_CAFILE */
        config_get_value("TLS_CAFILE", service, val);
        if(strlen(val) == 0)
                TRACE(TRACE_WARNING, "no value for TLS_CAFILE in config file");
        strncpy(config->tls_cafile, val, FIELDSIZE);
        config->tls_cafile[FIELDSIZE - 1] = '\0';

        TRACE(TRACE_DEBUG, "CA file is set to [%s]", config->tls_cafile);

        /* read items: TLS_CERT */
        config_get_value("TLS_CERT", service, val);
        if(strlen(val) == 0)
                TRACE(TRACE_WARNING, "no value for TLS_CERT in config file");
        strncpy(config->tls_cert, val, FIELDSIZE);
        config->tls_cert[FIELDSIZE - 1] = '\0';

        TRACE(TRACE_DEBUG, "Certificate file is set to [%s]", config->tls_cert);

        /* read items: TLS_KEY */
        config_get_value("TLS_KEY", service, val);
        if(strlen(val) == 0)
                TRACE(TRACE_WARNING, "no value for TLS_KEY in config file");
        strncpy(config->tls_key, val, FIELDSIZE);
        config->tls_key[FIELDSIZE - 1] = '\0';

        TRACE(TRACE_DEBUG, "Key file is set to [%s]", config->tls_key);

        /* read items: TLS_CIPHERS */
        config_get_value("TLS_CIPHERS", service, val);
        if(strlen(val) == 0)
                TRACE(TRACE_INFO, "no value for TLS_CIPHERS in config file");
        strncpy(config->tls_ciphers, val, FIELDSIZE);
        config->tls_ciphers[FIELDSIZE - 1] = '\0';
}

I think it would be safe to ignore those values if SSL is not enabled.

@Paul: what do you think? did I miss something or does this make sense?

I think we could avoid the warnings if it ignores those config settings (or at least doesn't print the warnings) if there is no SSL/TLS port set.

Regards


On 2013-10-18 01:26, Reindl Harald wrote:
Hi

IMHO, without configured TLS, because a proxy in front is doing
SSL termination, no TLS-related code should run, or at
least no warnings should appear at startup in /var/log/maillog

syslog_logging_levels = 31

# tls_cafile           = /etc/pki/tls/certs/ca-bundle.crt
# tls_cert             = /etc/postfix/certs/localhost.pem
# tls_key              = /etc/postfix/certs/localhost.pem
# tls_ciphers = ALL:!aNULL:!eNULL:!ADH!LOW:!MEDIUM:!EXP:!SSLv2:HIGH

Oct 18 01:22:45 testserver dbmail/imap4d[50719]: Warning:[server] server_config_load(+1133): no value for TLS_CAFILE in config file
Oct 18 01:22:45 testserver dbmail/imap4d[50719]: Warning:[server] server_config_load(+1142): no value for TLS_CERT in config file
Oct 18 01:22:45 testserver dbmail/imap4d[50719]: Warning:[server] server_config_load(+1151): no value for TLS_KEY in config file
Oct 18 01:22:45 testserver dbmail/imap4d[50719]: Warning:[tls] tls_load_certs(+56): Error loading CA file []: error:02001002:system library:fopen:No such file or directory
Oct 18 01:22:45 testserver dbmail/imap4d[50719]: Warning:[tls] tls_load_certs(+64): Error loading certificate file []: error:2006D080:BIO routines:BIO_new_file:no such file
Oct 18 01:22:45 testserver dbmail/imap4d[50719]: Warning:[tls] tls_load_certs(+72): Error loading key file []: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Oct 18 01:22:45 testserver dbmail/imap4d[50719]: Warning:[tls] tls_load_certs(+81): Mismatch between certificate file [] and key file []: error:02001002:system library:fopen:No such file or directory
Oct 18 01:22:45 testserver dbmail/pop3d[50752]: Warning:[server] server_config_load(+1133): no value for TLS_CAFILE in config file
Oct 18 01:22:45 testserver dbmail/pop3d[50752]: Warning:[server] server_config_load(+1142): no value for TLS_CERT in config file
Oct 18 01:22:45 testserver dbmail/pop3d[50752]: Warning:[server] server_config_load(+1151): no value for TLS_KEY in config file
Oct 18 01:22:45 testserver dbmail/pop3d[50752]: Warning:[tls] tls_load_certs(+56): Error loading CA file []: error:02001002:system library:fopen:No such file or directory
Oct 18 01:22:45 testserver dbmail/pop3d[50752]: Warning:[tls] tls_load_certs(+64): Error loading certificate file []: error:2006D080:BIO routines:BIO_new_file:no such file
Oct 18 01:22:45 testserver dbmail/pop3d[50752]: Warning:[tls] tls_load_certs(+72): Error loading key file []: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Oct 18 01:22:45 testserver dbmail/pop3d[50752]: Warning:[tls] tls_load_certs(+81): Mismatch between certificate file [] and key file []: error:02001002:system library:fopen:No such file or directory
Oct 18 01:22:45 testserver dbmail/lmtpd[50765]: Warning:[server] server_config_load(+1133): no value for TLS_CAFILE in config file
Oct 18 01:22:45 testserver dbmail/lmtpd[50765]: Warning:[server] server_config_load(+1142): no value for TLS_CERT in config file
Oct 18 01:22:45 testserver dbmail/lmtpd[50765]: Warning:[server] server_config_load(+1151): no value for TLS_KEY in config file
Oct 18 01:22:45 testserver dbmail/lmtpd[50765]: Warning:[tls] tls_load_certs(+56): Error loading CA file []: error:02001002:system library:fopen:No such file or directory
Oct 18 01:22:45 testserver dbmail/lmtpd[50765]: Warning:[tls] tls_load_certs(+64): Error loading certificate file []: error:2006D080:BIO routines:BIO_new_file:no such file
Oct 18 01:22:45 testserver dbmail/lmtpd[50765]: Warning:[tls] tls_load_certs(+72): Error loading key file []: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Oct 18 01:22:45 testserver dbmail/lmtpd[50765]: Warning:[tls] tls_load_certs(+81): Mismatch between certificate file [] and key file []: error:02001002:system library:fopen:No such file or directory
Oct 18 01:22:45 testserver dbmail/timsieved[50778]: Warning:[server] server_config_load(+1133): no value for TLS_CAFILE in config file
Oct 18 01:22:45 testserver dbmail/timsieved[50778]: Warning:[server] server_config_load(+1142): no value for TLS_CERT in config file
Oct 18 01:22:45 testserver dbmail/timsieved[50778]: Warning:[server] server_config_load(+1151): no value for TLS_KEY in config file
Oct 18 01:22:45 testserver dbmail/timsieved[50778]: Warning:[tls] tls_load_certs(+56): Error loading CA file []: error:02001002:system library:fopen:No such file or directory
Oct 18 01:22:45 testserver dbmail/timsieved[50778]: Warning:[tls] tls_load_certs(+64): Error loading certificate file []: error:2006D080:BIO routines:BIO_new_file:no such file
Oct 18 01:22:45 testserver dbmail/timsieved[50778]: Warning:[tls] tls_load_certs(+72): Error loading key file []: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Oct 18 01:22:45 testserver dbmail/timsieved[50778]: Warning:[tls] tls_load_certs(+81): Mismatch between certificate file [] and key file []: error:02001002:system library:fopen:No such file or directory


_______________________________________________
DBmail mailing list
DBmail@dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
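The gating proposed in the reply above, written out as an added example. This is my own C, not DBmail's code: ServerConfig, ConfItem and the two config tables are stand-ins for ServerConfig_T, config_get_value() and dbmail.conf (the file paths are constructed), and TRACE() is replaced by fprintf(). It goes one step beyond the proposal: with a TLS port configured, a missing or overlong TLS_CERT/TLS_KEY is reported as an error rather than the warning the quoted log shows, so a listener cannot come up with an empty TLS context.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FIELDSIZE 1024

/* Stand-in for DBmail's ServerConfig_T with only the fields used here
 * (an assumption; the real struct carries far more). */
typedef struct {
    int  ssl;                    /* non-zero when a TLS port is configured */
    char tls_cafile[FIELDSIZE];
    char tls_cert[FIELDSIZE];
    char tls_key[FIELDSIZE];
    char tls_ciphers[FIELDSIZE];
} ServerConfig;

/* Constructed key/value table standing in for dbmail.conf and
 * config_get_value(); a NULL key ends the table, and an absent key
 * yields "" just as an empty setting does in the quoted code. */
typedef struct { const char *key; const char *value; } ConfItem;

static const char *conf_lookup(const ConfItem *conf, const char *key)
{
    for (; conf->key != NULL; conf++)
        if (strcmp(conf->key, key) == 0)
            return conf->value;
    return "";
}

/* Copy one setting into a fixed-size field, always NUL-terminated.
 * Returns 1 if a value was stored, 0 if it was empty, -1 if it did not
 * fit: a silently truncated certificate or key path would make the
 * server open a different file than the operator configured. */
static int load_field(const ConfItem *conf, const char *key, char dst[FIELDSIZE])
{
    const char *val = conf_lookup(conf, key);
    size_t len = strlen(val);

    strncpy(dst, val, FIELDSIZE);
    dst[FIELDSIZE - 1] = '\0';   /* strncpy leaves a full buffer unterminated */
    if (len >= FIELDSIZE) {
        fprintf(stderr, "Error: value for %s exceeds %d bytes\n", key, FIELDSIZE - 1);
        return -1;
    }
    return len > 0 ? 1 : 0;
}

typedef enum { TLS_CONF_DISABLED, TLS_CONF_OK, TLS_CONF_WARN, TLS_CONF_ERROR } TlsConfStatus;

/* Read the TLS_* items. Without a TLS port (cfg->ssl == 0) the values are
 * stored but nothing is validated or logged, as the thread proposes.
 * With TLS enabled, a missing CA file only warns (it is needed for client
 * certificates), while a missing or overlong cert/key path is an error,
 * since tls_load_certs() cannot succeed without them. */
static TlsConfStatus server_config_load_tls(ServerConfig *cfg, const ConfItem *conf)
{
    int ca   = load_field(conf, "TLS_CAFILE",  cfg->tls_cafile);
    int cert = load_field(conf, "TLS_CERT",    cfg->tls_cert);
    int key  = load_field(conf, "TLS_KEY",     cfg->tls_key);
    int ciph = load_field(conf, "TLS_CIPHERS", cfg->tls_ciphers);

    if (!cfg->ssl)
        return TLS_CONF_DISABLED;
    if (cert <= 0 || key <= 0 || ca < 0 || ciph < 0) {
        fprintf(stderr, "Error: TLS enabled but TLS_CERT/TLS_KEY are not usable\n");
        return TLS_CONF_ERROR;
    }
    if (ca == 0) {
        fprintf(stderr, "Warning: no value for TLS_CAFILE in config file\n");
        return TLS_CONF_WARN;
    }
    return TLS_CONF_OK;
}

/* The gate for tls_load_certs()/tls_load_ciphers() in server_create_sockets():
 * load only when a TLS port exists and the configured paths passed the checks. */
static bool tls_should_load(const ServerConfig *cfg, TlsConfStatus st)
{
    return cfg->ssl != 0 && (st == TLS_CONF_OK || st == TLS_CONF_WARN);
}

/* Constructed configs: a proxy-terminated setup with every TLS_* item
 * commented out, and a direct-TLS setup with cert and key but no CA file. */
static const ConfItem conf_proxy_no_tls[] = {
    { "TLS_CAFILE", "" }, { "TLS_CERT", "" }, { "TLS_KEY", "" }, { NULL, NULL }
};
static const ConfItem conf_direct_tls[] = {
    { "TLS_CERT",    "/etc/pki/tls/certs/mail.example.pem" },
    { "TLS_KEY",     "/etc/pki/tls/private/mail.example.key" },
    { "TLS_CIPHERS", "HIGH:!aNULL:!eNULL" },
    { NULL, NULL }
};

/* Load into a fresh config and report only the status. */
static TlsConfStatus tls_status_for(int ssl, const ConfItem *conf)
{
    ServerConfig cfg = { .ssl = ssl };
    return server_config_load_tls(&cfg, conf);
}

/* Overlong-path check: a TLS_CERT of FIELDSIZE characters must be rejected
 * rather than truncated. */
static TlsConfStatus check_overlong_cert_path(void)
{
    static char longpath[FIELDSIZE + 1];
    memset(longpath, 'a', FIELDSIZE);
    longpath[FIELDSIZE] = '\0';
    const ConfItem conf[] = {
        { "TLS_CERT", longpath }, { "TLS_KEY", "/etc/pki/tls/private/k.key" }, { NULL, NULL }
    };
    return tls_status_for(1, conf);
}

int main(void)
{
    ServerConfig proxy = { .ssl = 0 }, direct = { .ssl = 1 };
    TlsConfStatus ps = server_config_load_tls(&proxy, conf_proxy_no_tls);
    TlsConfStatus ds = server_config_load_tls(&direct, conf_direct_tls);
    printf("proxy setup: status %d, load certs: %s\n", ps, tls_should_load(&proxy, ps) ? "yes" : "no");
    printf("direct TLS:  status %d, load certs: %s\n", ds, tls_should_load(&direct, ds) ? "yes" : "no");
    printf("overlong cert path: status %d\n", check_overlong_cert_path());
    return 0;
}
```

Copying the values even when ssl is off keeps the rest of the code path unchanged; only the validation and the log lines are skipped. The length check is the one thing the quoted server_config_load does not do: strncpy plus a forced terminator prevents an overflow but hides truncation of a path.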