This little quirk drove me crazy for a pretty good part of the afternoon
yesterday.

I was having trouble getting 993/imaps to work.
My imap.conf looks like:

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: jrush
sasl_pwcheck_method: pwcheck
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem

The error I was getting was this:

:19 int-mail2 imapd[905]: TLS engine: cannot load CA data
Aug 24 09:18:19 int-mail2 imapd[905]: unable to get private key from '/var/imap/server.pem '
Aug 24 09:18:19 int-mail2 imapd[905]: TLS engine: cannot load cert/key data
Aug 24 09:18:19 int-mail2 imapd[905]: error initializing TLS: [CA_file: ] [CA_path: ] [cert_file: /var/imap/server.pem] [key_file: /var/imap/server.pem ]

In an act of desperation I did a strace -f on master and found this
interesting tidbit:

906 open("/var/imap/server.pem", O_RDONLY) = 14
906 fstat64(14, {st_mode=S_IFREG|0644, st_size=2440, ...}) = 0
906 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40e52000
906 read(14, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 2440
906 close(14) = 0
906 munmap(0x40e52000, 4096) = 0
906 open("/var/imap/server.pem ", O_RDONLY) = -1 ENOENT (No such file or directory)
906 getpid() = 906

It opens up the server.pem once (presumably to get the certificate), then
it tries again (I assume to get the key) and fails. Why??

Well, after staring at this output for about 2 minutes it hit me. There
is a space after where I define the tls_key_file. AAHH!!! So it is
trying to open "/var/imap/server.pem "

Redhat 7.1
Cyrus imap 2.0.16
Cyrus sasl 1.5.24
Redhat 7.1 rpms of
Openssl-0.9.6-3
Openssl-devel-0.9.6-3

This only seems to be an issue with tls_key_file; if you put a space
after tls_cert_file it seems to function properly. (AFAIK anyway; I do
not have this server completely set up, so there is no mail on it yet, but
you can still check your mailbox without any errors on the client side.)
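
Added example, not part of the original post and not Cyrus code: a small pre-flight check that flags trailing whitespace on the two TLS path options shown above and confirms the trimmed path exists. The function name lint_conf, the sample text and the simple "key: value" parsing are assumptions made for this illustration.

```python
import os

# Path-valued options taken from the configuration in the post.
PATH_OPTIONS = {"tls_cert_file", "tls_key_file"}


def lint_conf(text, exists=os.path.exists):
    """Return (lineno, option, problem) tuples for path options in 'key: value' text.

    The value is kept verbatim up to the end of the line, so a trailing
    blank that would end up inside the file name is still visible here.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        key = key.strip()
        if key not in PATH_OPTIONS:
            continue
        value = value.lstrip(" \t")  # blanks right after the colon are separators
        trimmed = value.rstrip()
        if value != trimmed:
            extra = value[len(trimmed):]
            findings.append(
                (lineno, key, f"trailing whitespace {extra!r} after {trimmed!r}")
            )
        if not exists(trimmed):
            findings.append((lineno, key, f"file not found: {trimmed!r}"))
    return findings


# Constructed sample reproducing the situation in the post:
# one trailing space after the tls_key_file value.
SAMPLE = (
    "configdirectory: /var/imap\n"
    "tls_cert_file: /var/imap/server.pem\n"
    "tls_key_file: /var/imap/server.pem \n"
)

if __name__ == "__main__":
    # exists is stubbed so the demo runs on a machine without /var/imap.
    for lineno, key, problem in lint_conf(SAMPLE, exists=lambda p: True):
        print(f"line {lineno}: {key}: {problem}")
```

Pass the contents of the real configuration file and leave exists at its default to also check that each path is present on disk.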