Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1011051: libssl3: upgrade to libssl3 broke my dovecot setup
391 views
Skip to first unread message
Skibbi
May 16, 2022, 3:10:02 AM5/16/22
to
Package: libssl3
Version: 3.0.3-3
Severity: grave
Justification: renders package unusable
After upgrading to libssl3 broke my dovecot setup with following error:
imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:25066067:DSO support routines:dlfcn_load:could not load the shared library: filename(libproviders.so): libproviders.so: cannot open shared object file: No such file or directory, error:25070067:DSO support routines:DSO_load:could not load the shared library, error:0E07506E:configuration file routines:module_load_dso:error loading dso: module=providers, path=providers, error:0E076071:configuration file routines:module_run:unknown module name: module=providers
Commenting out providers = provider_sect in /etc/ssl/openssl.cnf fixes the issue.
I guess this is closely related to the following debian bug: #918727
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.17.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libssl3 depends on:
ii libc6 2.33-7
libssl3 recommends no packages.
libssl3 suggests no packages.
-- no debconf information
Version: 3.0.3-3
Severity: grave
Justification: renders package unusable
After upgrading to libssl3 broke my dovecot setup with following error:
imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:25066067:DSO support routines:dlfcn_load:could not load the shared library: filename(libproviders.so): libproviders.so: cannot open shared object file: No such file or directory, error:25070067:DSO support routines:DSO_load:could not load the shared library, error:0E07506E:configuration file routines:module_load_dso:error loading dso: module=providers, path=providers, error:0E076071:configuration file routines:module_run:unknown module name: module=providers
Commenting out providers = provider_sect in /etc/ssl/openssl.cnf fixes the issue.
I guess this is closely related to the following debian bug: #918727
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.17.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libssl3 depends on:
ii libc6 2.33-7
libssl3 recommends no packages.
libssl3 suggests no packages.
-- no debconf information
nona
May 20, 2022, 7:40:02 AM5/20/22
to
I can confirm this bug.
The fix Skibbi proposed enables my mailserver to receive e-mails again. But I cannot login via IMAP receiving the following errors:
# connecting from a laptop to the mail server:
Socket error: secure connect to example.org (1.2.3.4:143): error:1408F10B:SSL routines:ssl3_get_record:wrong version number
# mail server log
/var/log/mail.log:
May 20 13:22:59 mail dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:25066067:DSO support routines:dlfcn_load:could not load the shared library: filename(libproviders.so): libproviders.so: cannot open shared object file: No such file or directory, error:25070067:DSO support routines:DSO_load:could not load the shared library, error:0E07506E:configuration file routines:module_load_dso:error loading dso: module=providers, path=providers, error:0E076071:configuration file routines:module_run:unknown module name: module=providers: user=<>, rip=5.6.7.8, lip=1.2.3.4, session=<5vd2tm/faYY+1vxS>
May 20 13:22:59 mail dovecot: imap-login: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=5.6.7.8, lip=1.2.3.4, session=<5vd2tm/faYY+1vxS>
May 20 13:22:59 mail dovecot: imap-login: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=5.6.7.8, lip=1.2.3.4, session=<5vd2tm/faYY+1vxS>
nb
May 23, 2022, 5:10:03 PM5/23/22
to
Le 2022-05-23 13:08, Nye Liu a écrit :
> Workaround: comment out
>
> providers = provider_sect
>
> in /etc/openssl.cnf
>
> See also https://github.com/nodejs/node/discussions/43184
>
> --
> To unsubscribe, send mail to 1011051-u...@bugs.debian.org.
>
It works!
Just one thing, the file is /etc/ssl/openssl.cnf
> Workaround: comment out
>
> providers = provider_sect
>
> in /etc/openssl.cnf
>
> See also https://github.com/nodejs/node/discussions/43184
>
> --
> To unsubscribe, send mail to 1011051-u...@bugs.debian.org.
>
It works!
Just one thing, the file is /etc/ssl/openssl.cnf
nona
May 24, 2022, 11:00:02 AM5/24/22
to
The proposed workarount in /etc/ssl/openssl.cnf indeed fixes the problem for me as well.
Bernhard Übelacker
Jun 6, 2022, 7:20:02 AM6/6/22
to
On Sat, 21 May 2022 09:42:19 +0200 Gianfranco Costamagna <locutu...@debian.org> wrote:
> Hello,
>
> I think Ubuntu already did cherry-pick a fedora dovecot change for new openssl 3.0
>
> https://patches.ubuntu.com/d/dovecot/dovecot_1:2.3.16+dfsg1-3ubuntu3.patch
>
> Maybe it can fix this specific issue.
>
> G.
The recent dovecot upload contains this fix:
dovecot (1:2.3.19+dfsg1-1) unstable; urgency=medium
* [d223bbd] d/patches: add patch to support openssl 3.0 (Closes: #996273)
https://salsa.debian.org/debian/dovecot/-/commit/d223bbd1d0968ad2b46c4316c102c11bde8c5075
> Hello,
>
> I think Ubuntu already did cherry-pick a fedora dovecot change for new openssl 3.0
>
> https://patches.ubuntu.com/d/dovecot/dovecot_1:2.3.16+dfsg1-3ubuntu3.patch
>
> Maybe it can fix this specific issue.
>
> G.
The recent dovecot upload contains this fix:
dovecot (1:2.3.19+dfsg1-1) unstable; urgency=medium
* [d223bbd] d/patches: add patch to support openssl 3.0 (Closes: #996273)
https://salsa.debian.org/debian/dovecot/-/commit/d223bbd1d0968ad2b46c4316c102c11bde8c5075
Bernhard Übelacker
Jun 8, 2022, 9:40:03 AM6/8/22
to
Am 06.06.22 um 15:50 schrieb Steven Robbins:
> That's good news. Does it mean one can remove the workaround (commenting out
> "providers = provider_sect") ?
Hello Steven,
I guess just if you use the version from unstable.
As far as I see it will still take some time to migrate to testing.
Kind regards,
Bernhard
> That's good news. Does it mean one can remove the workaround (commenting out
> "providers = provider_sect") ?
Hello Steven,
I guess just if you use the version from unstable.
As far as I see it will still take some time to migrate to testing.
Kind regards,
Bernhard
Debian Bug Tracking System
Jun 8, 2022, 5:40:03 PM6/8/22
to
Your message dated Wed, 08 Jun 2022 21:35:13 +0000
with message-id <E1nz3Kb-...@fasolo.debian.org>
and subject line Bug#1011051: fixed in openssl 3.0.3-7
has caused the Debian Bug report #1011051,
regarding libssl3: upgrade to libssl3 broke my dovecot setup
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1011051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
with message-id <E1nz3Kb-...@fasolo.debian.org>
and subject line Bug#1011051: fixed in openssl 3.0.3-7
has caused the Debian Bug report #1011051,
regarding libssl3: upgrade to libssl3 broke my dovecot setup
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1011051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
0 new messages