Control: fixed -1 1:2.2.16-1 Hi,
On 23:27 Fri 06 Jan , Juri Vitali wrote: > when configuring a doveadm listener service on a TCP port with SSL > enabled, the server sends only the last certificate on the chain, > instead of the complete chain. > The same server, when being contacted on IMAPS port, correctly sends the > whole > chain. > > This issue is not present on the same upstream version (2.2.13), nor in the > Debian jessie-backport version (1:2.2.26.0-4~bpo8+1), and impacts services as > dsync mailbox replication (it complains about being unable to get issuer or > local issuer certificate, depending on the certificate the sync client > compares against). It appears this is something that happens when dovecot is *built* against OpenSSL 1.0.1. If a package was built against 1.0.2, but runs with >= 1.0.1, then the full chain is sent, as expected. I'm not sure we can do much about it though. Regards, Apollon
