| View previous topic :: View next topic |
| Author |
Message |
elderet
n00b
Joined: 21 Mar 2004
Posts: 9
Location: Göteborg, Sweden
|
 Posted: Sun Jan 08, 2012 10:01 pm Post subject: Problem with imapd-ssl and ca-certificates. [solved] |
 |
|
Hi all! When trying to connect to my mailserver using "SSL (Accept all certificates)" I suddenly get the following error in the system log:
| Code: | Jan 08 22:04:53 [imapd-ssl] couriertls: /etc/ssl/certs/9e6afd31.0: No such file or directory
|
The certificate file in the log message is a symbolic link to a symbolic link to a missing file:
| Code: | /etc/ssl/certs/9e6afd31.0 -> /etc/ssl/certs/Thawte_Time_Stamping_CA.pem
/etc/ssl/certs/Thawte_Time_Stamping_CA.pem -> /usr/share/ca-certificates/mozilla/Thawte_Time_Stamping_CA.crt
ls: cannot access /usr/share/ca-certificates/mozilla/Thawte_Time_Stamping_CA.crt: No such file or directory
|
If I comment out TLS_TRUSTCERTS in /etc/courier-imap/imapd-ssl, the connection is working again:
| Code: |
# TLS_TRUSTCERTS=/etc/ssl/certs
|
(self-signed cert) ...but this does not seem to be the proper way to solve it. Have any of you seen similar problems? Perhaps I just missed an upgrade instruction?
Last edited by elderet on Tue Jan 10, 2012 11:02 pm; edited 1 time in total |
|
| Back to top |
|
 |
Quincy
Apprentice
Joined: 02 Jun 2005
Posts: 201
Location: Germany
|
| Posted: Tue Jan 10, 2012 12:52 am Post subject: |
|
|
I think you're right and missed this upgrade instruction (taken from my build log of app-misc:ca-certificates-20111025):
| Code: | >>> Original instance of package unmerged safely.
* Broken symlink for a certificate at /etc/ssl/certs/64d1f6f4.0
* Broken symlink for a certificate at /etc/ssl/certs/AOL_Time_Warner_Root_Certification_Authority_1.pem
* Broken symlink for a certificate at /etc/ssl/certs/ed9bb25c.0
* Broken symlink for a certificate at /etc/ssl/certs/9e6afd31.0
* Broken symlink for a certificate at /etc/ssl/certs/AOL_Time_Warner_Root_Certification_Authority_2.pem
* Broken symlink for a certificate at /etc/ssl/certs/Thawte_Personal_Freemail_CA.pem
* Broken symlink for a certificate at /etc/ssl/certs/Thawte_Time_Stamping_CA.pem
* Broken symlink for a certificate at /etc/ssl/certs/12ac4d91.0
* You MUST remove the above broken symlinks
* Otherwise any SSL validation that use the directory may fail!
* To batch-remove them, run:
* find -L /etc/ssl/certs/ -type l -exec rm {} +
|
|
|
| Back to top |
|
|
elderet
n00b
Joined: 21 Mar 2004
Posts: 9
Location: Göteborg, Sweden
|
| Posted: Tue Jan 10, 2012 11:13 pm Post subject: |
|
|
Thank you!
Emerging ca-certificates gave a similar result as in your log.
| Code: | | emerge -1 ca-certificates |
...and the problem was solved after running:
| Code: | | find -L /etc/ssl/certs/ -type l -exec rm {} + |
 |
|
| Back to top |
|
|
octavsly
n00b
Joined: 22 Aug 2007
Posts: 23
Location: Eindhoven, HTC
|
| Posted: Fri Aug 02, 2013 10:44 pm Post subject: |
|
|
| elderet wrote: | Thank you!
Emerging ca-certificates gave a similar result as in your log.
| Code: | | emerge -1 ca-certificates |
...and the problem was solved after running:
| Code: | | find -L /etc/ssl/certs/ -type l -exec rm {} + |
|
Why doesn't the ebuild do this? I have spent few hours on this  |
|
| Back to top |
|
|
|
Networking & Security
