Re: Dovecot 2.2.25 fails on SSL
> On September 30, 2016 at 3:26 AM "Andreas M. Kirchwitz"> wrote: > > > Joseph Tam wrote: > > >>> OK, the origin of your problem becomes clearer. You can hardcode these > >>> paths into the executables by doing something like > >>> > >>> env CFLAGS='-I/my'ssl/include' \ > >>> LDFLAGS='-L/your/ssl/lib -Wl,-rpath,/my/ssl/lib' \ > >>> configure ... > >> > >> Based on your mail I've tried CFLAGS/LDFLAGS again, and > >> now Dovecot didn't even compile any longer. > > > > I don't use the same OS as you, but what errors dis you get? > > To be exact here, it's not the compiler but the linker failing > (of course, the whole problem is about the linking process). > > With "--as-needed", the crypto/ssl libraries are not linked at all with > the object files. I don't quite understand why it doesn't fall back to > the system crypto/ssl libraries because they are in the default pathes > with all other libraries. (That's basically what most other software > packages do if my custom pathes for "-L" "-Wl,-R" somehow get ignored > in the building process.) > > IMHO, the unusual option "--as-needed" should be removed. There seems > to be no benefit but it basically keeps Dovecot to be linked against > any custom-specified library. > > Maybe it's just a problem with RHEL/CentOS 6 and the GCC that ships > with it. I'm compiling a lot of software myself and link it against > my custom OpenSSL. Never had this problem before, otherwise I would > have known to specify "-Wl,--no-as-needed" to reverse ld's behavior > to the default. > > Well, at least I've learned something new. :-) > > Regards, Andreas Hi, The as-needed issue has been hopefully fixed in https://github.com/dovecot/core/commit/f49f1c5fa6a9a55a194e5ada042df134907278f4 Aki
Re: Dovecot 2.2.25 fails on SSL
Joseph Tamwrote: >>> OK, the origin of your problem becomes clearer. You can hardcode these >>> paths into the executables by doing something like >>> >>> env CFLAGS='-I/my'ssl/include' \ >>> LDFLAGS='-L/your/ssl/lib -Wl,-rpath,/my/ssl/lib' \ >>> configure ... >> >> Based on your mail I've tried CFLAGS/LDFLAGS again, and >> now Dovecot didn't even compile any longer. > > I don't use the same OS as you, but what errors dis you get? To be exact here, it's not the compiler but the linker failing (of course, the whole problem is about the linking process). With "--as-needed", the crypto/ssl libraries are not linked at all with the object files. I don't quite understand why it doesn't fall back to the system crypto/ssl libraries because they are in the default pathes with all other libraries. (That's basically what most other software packages do if my custom pathes for "-L" "-Wl,-R" somehow get ignored in the building process.) IMHO, the unusual option "--as-needed" should be removed. There seems to be no benefit but it basically keeps Dovecot to be linked against any custom-specified library. Maybe it's just a problem with RHEL/CentOS 6 and the GCC that ships with it. I'm compiling a lot of software myself and link it against my custom OpenSSL. Never had this problem before, otherwise I would have known to specify "-Wl,--no-as-needed" to reverse ld's behavior to the default. Well, at least I've learned something new. :-) Regards, Andreas
Re: Dovecot 2.2.25 fails on SSL
"Andreas M. Kirchwitz"writes: OK, the origin of your problem becomes clearer. You can hardcode these paths into the executables by doing something like env CFLAGS='-I/my'ssl/include' \ LDFLAGS='-L/your/ssl/lib -Wl,-rpath,/my/ssl/lib' \ configure ... Based on your mail I've tried CFLAGS/LDFLAGS again, and now Dovecot didn't even compile any longer. I don't use the same OS as you, but what errors dis you get? Joseph Tam
Re: Dovecot 2.2.25 fails on SSL
Joseph Tamwrote: >> For every program I compile myself, I link it against my custom >> OpenSSL library (always newest version; distributions usually tend >> to stick with a specific version and only apply security fixes). > > OK, the origin of your problem becomes clearer. You can hardcode these > paths into the executables by doing something like > > env CFLAGS='-I/my'ssl/include' \ > LDFLAGS='-L/your/ssl/lib -Wl,-rpath,/my/ssl/lib' \ > configure ... Yes, exactly, that's my usual approach. I've used this as well for building other software with custom libraries. Unfortunately, I remember CFLAGS/LDFLAGS didn't play well with Dovecot, so I used SSL_CFLAGS/SSL_LIBS as suggested by the documentation and that worked well. > I use this myself (except the -Wl part since these libs are > symlinked to my shared library path). I think "-R/my/ssl/lib" > might also be synonymous with -Wl,... Based on your mail I've tried CFLAGS/LDFLAGS again, and now Dovecot didn't even compile any longer. I was close to giving up. But obviously, I didn't ... :-) After some investigation I found the non-default linker option "-Wl,--as-needed" as problem which is enabled by Dovecot for unknown reasons. Finally, this call to "configure" generates proper Makefile files to build Dovecot with a custom SSL library: env CPPFLAGS="-I/usr/local/ssl/include" LDFLAGS="-L/usr/local/ssl/lib -Wl,-R/usr/local/ssl/lib" LIBS="-Wl,--no-as-needed -lcrypto -lssl" SSL_CFLAGS="-I/usr/local/ssl/include" SSL_LIBS="-L/usr/local/ssl/lib -Wl,-R/usr/local/ssl/lib -Wl,--no-as-needed -lcrypto -lssl" ./configure --prefix=/usr/local/dovecot --with-ssl=openssl (chances are that SSL_CFLAGS/SSL_LIBS could be removed completely but it won't hurt) I've read the section in the "ld" manual but still don't understand why Dovecot enables --as-needed (never seen that before with other software) and why it's such a big problem. But I'm no expert here. > I don't have that problem -- I use configure to tell dovecot where to find > my self-compiled openssl, and the resulting executables load from where I > want. Thanks for pointing me at the proper direction again. Now Dovecot 2.2.25 compiles for me with a custom SSL. I understand that this issue might not have a high priority but maybe one of the developers could check if "--as-needed" is really needed (as it confuses people who try to use custom libraries) and what's the deeper meaning of SSL_CFLAGS/SSL_LIBS. My system is a regular CentOS 6 (latest sub-release with all patches), nothing special except for a custom SSL installation. Greetings, Andreas
Re: Dovecot 2.2.25 fails on SSL
Andreas M. Kirchwitz writes: You can also affect where shared libraries are loaded using the LD_LIBRARY_PATH environment variable. Try adding LD_LIBARY_PATH=/location/of/libdir; export LD_LIBARY_PATH to your service boot scripts. Thanks for the advice. It's fine for a temporary working around problems (like this one, so you're absolutely right :-) However, no program should require that for regular use because you never know exactly if somebody in the chain of executed code removes certain environment variables. And also the opposite way, if Dovecot runs external programs, those might not play well with an existing LD_LIBARY_PATH and incompatible SSL libraries. Sure, I understand this, but it's handy in lots of cases where you need to loading from an alternate location. Not everyone has access to resource to recompile. For every program I compile myself, I link it against my custom OpenSSL library (always newest version; distributions usually tend to stick with a specific version and only apply security fixes). OK, the origin of your problem becomes clearer. You can hardcode these paths into the executables by doing something like env CFLAGS='-I/my'ssl/include' \ LDFLAGS='-L/your/ssl/lib -Wl,-rpath,/my/ssl/lib' \ configure ... I use this myself (except the -Wl part since these libs are symlinked to my shared library path). I think "-R/my/ssl/lib" might also be synonymous with -Wl,... Dovecot is the only package I know of where there are like a thousand places to put additional libs in the Makefile.am files, but most of them are totally ignored by configure. I don't have that problem -- I use configure to tell dovecot where to find my self-compiled openssl, and the resulting executables load from where I want. Joseph Tam
Re: Dovecot 2.2.25 fails on SSL
Do you have multiple OpenSSL's installed? Sent from my iPhone > On Sep 5, 2016, at 10:38 PM, Michael A. Peterswrote: > > > >> On 09/02/2016 12:50 PM, Joseph Tam wrote: >> Aki Tuomi wrote: >> >> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so >>linux-gate.so.1 => (0x00dca000) >>libcrypto.so.1.0.0 => not found >> ... >>> >>> Well, then it leaves only option of using /etc/ld.so.conf >>> so basically add your libssl location there. >> >> You can also affect where shared libraries are loaded using the >> LD_LIBRARY_PATH environment variable. Try adding >> >>LD_LIBARY_PATH=/location/of/libdir; export LD_LIBARY_PATH >> >> to your service boot scripts. > > would an rpath solve the problem? > > I believe chrpath command can probably be used to set the rpath if it isn't > set at compile time.
Re: Dovecot 2.2.25 fails on SSL
On 09/02/2016 12:50 PM, Joseph Tam wrote: Aki Tuomi wrote: ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so linux-gate.so.1 => (0x00dca000) libcrypto.so.1.0.0 => not found ... Well, then it leaves only option of using /etc/ld.so.conf so basically add your libssl location there. You can also affect where shared libraries are loaded using the LD_LIBRARY_PATH environment variable. Try adding LD_LIBARY_PATH=/location/of/libdir; export LD_LIBARY_PATH to your service boot scripts. would an rpath solve the problem? I believe chrpath command can probably be used to set the rpath if it isn't set at compile time.
Re: Dovecot 2.2.25 fails on SSL
Joseph Tamwrote: > You can also affect where shared libraries are loaded using the > LD_LIBRARY_PATH environment variable. Try adding > > LD_LIBARY_PATH=/location/of/libdir; export LD_LIBARY_PATH > > to your service boot scripts. Thanks for the advice. It's fine for a temporary working around problems (like this one, so you're absolutely right :-) However, no program should require that for regular use because you never know exactly if somebody in the chain of executed code removes certain environment variables. And also the opposite way, if Dovecot runs external programs, those might not play well with an existing LD_LIBARY_PATH and incompatible SSL libraries. For every program I compile myself, I link it against my custom OpenSSL library (always newest version; distributions usually tend to stick with a specific version and only apply security fixes). For most packages (eg, Exim, Apache HTTP, BIND, INN, OpenSSH, Mutt, wget etc.) it pretty straightforward. Even if not, usually I can find a quick solution myself. Dovecot is the only package I know of where there are like a thousand places to put additional libs in the Makefile.am files, but most of them are totally ignored by configure. And even if I modify the Makefile files after configure, again most of the additional options get ignored. Never seen it that complicated. As Dovecot is my favorite IMAP daemon, there's no way I'm giving up. :-) I'm totally confident that the developers will find a good solution. And I'm happy to test every patch they come up with. Greetings, Andreas
Re: Dovecot 2.2.25 fails on SSL
Aki Tuomi wrote: ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so linux-gate.so.1 => (0x00dca000) libcrypto.so.1.0.0 => not found ... Well, then it leaves only option of using /etc/ld.so.conf so basically add your libssl location there. You can also affect where shared libraries are loaded using the LD_LIBRARY_PATH environment variable. Try adding LD_LIBARY_PATH=/location/of/libdir; export LD_LIBARY_PATH to your service boot scripts. Joseph Tam
Re: Dovecot 2.2.25 fails on SSL
Aki Tuomiwrote: > Well, then it leaves only option of using /etc/ld.so.conf > so basically add your libssl location there. That's not a working solution and not the purpose of /etc/ld.so.conf. Currently, this is a real-life security issue in Dovecot 2.2.25, because it compiles fine but then - to the user - silently fails to use SSL. The user who doesn't know better reconfigures his client and all security is gone. :-( Custom SSL worked fine in Dovecot 2.2.24, so obviously it can be made to work. The question is just where to add the proper options, or maybe "configure" is broken in some way. I'm happy to try out more patches until the proper solution is found. I've already tried adding SSL libs in various locations during the build process but it hast always the same result that it never gets past "configure". Greetings, Andreas
Re: Dovecot 2.2.25 fails on SSL
> On September 2, 2016 at 5:35 PM "Andreas M. Kirchwitz"> wrote: > > > Aki Tuomi wrote: > > > Well, then it leaves only option of using /etc/ld.so.conf > > so basically add your libssl location there. > > That's not a working solution and not the purpose of /etc/ld.so.conf. > > Currently, this is a real-life security issue in Dovecot 2.2.25, > because it compiles fine but then - to the user - silently fails > to use SSL. The user who doesn't know better reconfigures his > client and all security is gone. :-( > > Custom SSL worked fine in Dovecot 2.2.24, so obviously it can be > made to work. The question is just where to add the proper options, > or maybe "configure" is broken in some way. > > I'm happy to try out more patches until the proper solution is > found. I've already tried adding SSL libs in various locations > during the build process but it hast always the same result > that it never gets past "configure". > > Greetings, Andreas I tried various ways but wasn't able to get it to work. I can see if it can be fixed but it can take a while. Aki
Re: Dovecot 2.2.25 fails on SSL
> On September 2, 2016 at 4:56 AM "Andreas M. Kirchwitz"> wrote: > > > Aki Tuomi wrote: > > >> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so > >> linux-gate.so.1 => (0x00e8c000) > >> libcrypto.so.1.0.0 => not found > >> libssl.so.1.0.0 => not found > >> librt.so.1 => /lib/librt.so.1 (0x00be4000) > >> libc.so.6 => /lib/libc.so.6 (0x001a6000) > >> libpthread.so.0 => /lib/libpthread.so.0 (0x003e4000) > >> /lib/ld-linux.so.2 (0x007e7000) > >> > >> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so > >> linux-gate.so.1 => (0x00dca000) > >> libcrypto.so.1.0.0 => not found > >> libssl.so.1.0.0 => not found > >> librt.so.1 => /lib/librt.so.1 (0x00a7a000) > >> libc.so.6 => /lib/libc.so.6 (0x0016) > >> libpthread.so.0 => /lib/libpthread.so.0 (0x0072f000) > >> /lib/ld-linux.so.2 (0x0056) > >> > >> There's no libdcrypt_openssl.so in Dovecot 2.2.24, so I guess > >> with the newly introduced dcrypt stuff something with SSL went wrong. > >> > >> Would be great if that could be fixed so that SSL works again. > > > > Can you try the attached patch out? > > Sorry for the late answer. (Away from computers. :-) > > Tried the attached patch, applies fine, compiles fine, > but the ssl/crypto libraries are still not found. > > The additional "$(SSL_LIBS)" in both "Makefile.am" files > doesn't properly make it into the resulting "Makefile" files. > After "configure" is done, the resulting "Makefile" files are > exactly the same in the original 2.2.25 version and patched > 2.2.25 version (I guess they *should* contain the additional > SSL libraries somewhere). > > Just let me know if there's more I can try (no longer away > from computers, so response time is faster :-) > > Sorry for the bad news ... Andreas Well, then it leaves only option of using /etc/ld.so.conf so basically add your libssl location there. Aki
Re: Dovecot 2.2.25 fails on SSL
Aki Tuomiwrote: >> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so >> linux-gate.so.1 => (0x00e8c000) >> libcrypto.so.1.0.0 => not found >> libssl.so.1.0.0 => not found >> librt.so.1 => /lib/librt.so.1 (0x00be4000) >> libc.so.6 => /lib/libc.so.6 (0x001a6000) >> libpthread.so.0 => /lib/libpthread.so.0 (0x003e4000) >> /lib/ld-linux.so.2 (0x007e7000) >> >> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so >> linux-gate.so.1 => (0x00dca000) >> libcrypto.so.1.0.0 => not found >> libssl.so.1.0.0 => not found >> librt.so.1 => /lib/librt.so.1 (0x00a7a000) >> libc.so.6 => /lib/libc.so.6 (0x0016) >> libpthread.so.0 => /lib/libpthread.so.0 (0x0072f000) >> /lib/ld-linux.so.2 (0x0056) >> >> There's no libdcrypt_openssl.so in Dovecot 2.2.24, so I guess >> with the newly introduced dcrypt stuff something with SSL went wrong. >> >> Would be great if that could be fixed so that SSL works again. > > Can you try the attached patch out? Sorry for the late answer. (Away from computers. :-) Tried the attached patch, applies fine, compiles fine, but the ssl/crypto libraries are still not found. The additional "$(SSL_LIBS)" in both "Makefile.am" files doesn't properly make it into the resulting "Makefile" files. After "configure" is done, the resulting "Makefile" files are exactly the same in the original 2.2.25 version and patched 2.2.25 version (I guess they *should* contain the additional SSL libraries somewhere). Just let me know if there's more I can try (no longer away from computers, so response time is faster :-) Sorry for the bad news ... Andreas
Re: Dovecot 2.2.25 fails on SSL
On 04.07.2016 02:42, Andreas M. Kirchwitz wrote: > Dear Dovecot developers! > > This problem already existed some years ago, has been fixed, > and now it's there again in Dovecot 2.2.25 (2.2.24 was fine). > > I'm running CentOS 6 with a custom OpenSSL installation in /usr/local/ssl > Therefore, Dovecot is configured like this: > > env SSL_CFLAGS="-I/usr/local/ssl/include" SSL_LIBS="-L/usr/local/ssl/lib > -Wl,-R/usr/local/ssl/lib -lcrypto -lssl" ./configure > --prefix=/usr/local/Dovecot-2.2.25 --with-ssl=openssl > --with-ssldir=/usr/local/Dovecot-2.2.25/etc/dovecot/certs > > With "pkg-config", the same options for SSL are provided. > > "make" and "make install" run just fine, and the daemon starts > without any errors. However, if a user connects on port 993 (IMAPS), > Dovecot logs this failure message to syslog: > > Jul 4 01:08:43 myhost dovecot: ssl-params: Fatal: Couldn't load required > plugin /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so: > dlopen() failed: libcrypto.so.1.0.0: cannot open shared object file: No such > file or directory > Jul 4 01:08:43 myhost dovecot: ssl-params: Error: child process failed with > status 22784 > > ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so > linux-gate.so.1 => (0x00e8c000) > libcrypto.so.1.0.0 => not found > libssl.so.1.0.0 => not found > librt.so.1 => /lib/librt.so.1 (0x00be4000) > libc.so.6 => /lib/libc.so.6 (0x001a6000) > libpthread.so.0 => /lib/libpthread.so.0 (0x003e4000) > /lib/ld-linux.so.2 (0x007e7000) > > ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so > linux-gate.so.1 => (0x00dca000) > libcrypto.so.1.0.0 => not found > libssl.so.1.0.0 => not found > librt.so.1 => /lib/librt.so.1 (0x00a7a000) > libc.so.6 => /lib/libc.so.6 (0x0016) > libpthread.so.0 => /lib/libpthread.so.0 (0x0072f000) > /lib/ld-linux.so.2 (0x0056) > > When comparing to Dovecot 2.2.24: > > ldd /usr/local/Dovecot-2.2.24/lib/dovecot/libssl_iostream_openssl.so > linux-gate.so.1 => (0x0073d000) > libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 > (0x00b04000) > libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x0044a000) > librt.so.1 => /lib/librt.so.1 (0x00a6) > libc.so.6 => /lib/libc.so.6 (0x001e5000) > libdl.so.2 => /lib/libdl.so.2 (0x003a9000) > libpthread.so.0 => /lib/libpthread.so.0 (0x009d) > /lib/ld-linu22x.so.2 (0x00d77000) > > There's no libdcrypt_openssl.so in Dovecot 2.2.24, so I guess > with the newly introduced dcrypt stuff something with SSL went wrong. > > Would be great if that could be fixed so that SSL works again. > > Thanks a lot in advance ... Andreas Hi! Can you try the attached patch out? --- Aki Tuomi Dovecot oy From e20fab54f9ff0aa220a8147d82497606788f Mon Sep 17 00:00:00 2001 From: Aki TuomiDate: Mon, 8 Aug 2016 15:31:50 +0300 Subject: [PATCH] OpenSSL: link against OpenSSL libs explicitly --- src/lib-dcrypt/Makefile.am | 1 + src/lib-ssl-iostream/Makefile.am | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib-dcrypt/Makefile.am b/src/lib-dcrypt/Makefile.am index 62c4625..fefb3ed 100644 --- a/src/lib-dcrypt/Makefile.am +++ b/src/lib-dcrypt/Makefile.am @@ -18,6 +18,7 @@ if BUILD_OPENSSL pkglib_LTLIBRARIES += libdcrypt_openssl.la libdcrypt_openssl_la_SOURCES = dcrypt-openssl.c dcrypt.c libdcrypt_openssl_la_LDFLAGS = -module -avoid-version -shared ../lib-ssl-iostream/libdovecot_openssl_common.la ../lib/liblib.la +libdcrypt_openssl_la_LIBADD = $(SSL_LIBS) libdcrypt_openssl_la_DEPENDENCIES = ../lib-ssl-iostream/libdovecot_openssl_common.la ../lib/liblib.la libdcrypt_openssl_la_CFLAGS = $(AM_CPPFLAGS) \ -DDCRYPT_MODULE_DIR=\"$(pkglibdir)\" diff --git a/src/lib-ssl-iostream/Makefile.am b/src/lib-ssl-iostream/Makefile.am index 769de87..86555d5 100644 --- a/src/lib-ssl-iostream/Makefile.am +++ b/src/lib-ssl-iostream/Makefile.am @@ -16,7 +16,7 @@ libdovecot_openssl_common_la_SOURCES = \ dovecot-openssl-common.c libssl_iostream_openssl_la_LDFLAGS = -module -avoid-version -libssl_iostream_openssl_la_LIBADD = libdovecot_openssl_common.la +libssl_iostream_openssl_la_LIBADD = libdovecot_openssl_common.la $(SSL_LIBS) libssl_iostream_openssl_la_SOURCES = \ iostream-openssl.c \ iostream-openssl-common.c \ -- 2.1.4
Re: Dovecot 2.2.25 fails on SSL
On 04.07.2016 02:42, Andreas M. Kirchwitz wrote: > Dear Dovecot developers! > > This problem already existed some years ago, has been fixed, > and now it's there again in Dovecot 2.2.25 (2.2.24 was fine). > > I'm running CentOS 6 with a custom OpenSSL installation in /usr/local/ssl > Therefore, Dovecot is configured like this: > > env SSL_CFLAGS="-I/usr/local/ssl/include" SSL_LIBS="-L/usr/local/ssl/lib > -Wl,-R/usr/local/ssl/lib -lcrypto -lssl" ./configure > --prefix=/usr/local/Dovecot-2.2.25 --with-ssl=openssl > --with-ssldir=/usr/local/Dovecot-2.2.25/etc/dovecot/certs > > With "pkg-config", the same options for SSL are provided. > > "make" and "make install" run just fine, and the daemon starts > without any errors. However, if a user connects on port 993 (IMAPS), > Dovecot logs this failure message to syslog: > > Jul 4 01:08:43 myhost dovecot: ssl-params: Fatal: Couldn't load required > plugin /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so: > dlopen() failed: libcrypto.so.1.0.0: cannot open shared object file: No such > file or directory > Jul 4 01:08:43 myhost dovecot: ssl-params: Error: child process failed with > status 22784 > > ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so > linux-gate.so.1 => (0x00e8c000) > libcrypto.so.1.0.0 => not found > libssl.so.1.0.0 => not found > librt.so.1 => /lib/librt.so.1 (0x00be4000) > libc.so.6 => /lib/libc.so.6 (0x001a6000) > libpthread.so.0 => /lib/libpthread.so.0 (0x003e4000) > /lib/ld-linux.so.2 (0x007e7000) > > ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so > linux-gate.so.1 => (0x00dca000) > libcrypto.so.1.0.0 => not found > libssl.so.1.0.0 => not found > librt.so.1 => /lib/librt.so.1 (0x00a7a000) > libc.so.6 => /lib/libc.so.6 (0x0016) > libpthread.so.0 => /lib/libpthread.so.0 (0x0072f000) > /lib/ld-linux.so.2 (0x0056) > > When comparing to Dovecot 2.2.24: > > ldd /usr/local/Dovecot-2.2.24/lib/dovecot/libssl_iostream_openssl.so > linux-gate.so.1 => (0x0073d000) > libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 > (0x00b04000) > libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x0044a000) > librt.so.1 => /lib/librt.so.1 (0x00a6) > libc.so.6 => /lib/libc.so.6 (0x001e5000) > libdl.so.2 => /lib/libdl.so.2 (0x003a9000) > libpthread.so.0 => /lib/libpthread.so.0 (0x009d) > /lib/ld-linux.so.2 (0x00d77000) > > There's no libdcrypt_openssl.so in Dovecot 2.2.24, so I guess > with the newly introduced dcrypt stuff something with SSL went wrong. > > Would be great if that could be fixed so that SSL works again. > > Thanks a lot in advance ... Andreas Hi! Thank you for your report, we'll look into it! --- Aki Tuomi Dovecot oy