Apologies if I'm reporting this bug wrongly in any way.

After updating openssl to 0.9.8h-r1 from 0.9.8g-r2 I found that my imap daemon wouldn't accept SSL connections any more. It failed with:

imapd: couriertls: /etc/ssl/certs/2edf7016.1: No such file or directory

When I examined the file, I found it was a broken symlink to /etc/ssl/certs/vsign1.pem

If I restore the file from backup the imap daemon works without issue. If I re-install 0.9.8g-r2 the file is also restored. I have two different systems affected with this same issue.

Here is the emerge --info from one of them:

Portage 2.2_rc12 (default/linux/x86/2008.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.25-gentoo-r7 i686)
=================================================================
System uname: Linux-2.6.25-gentoo-r7-i686-AMD_Athlon-tm-_64_Processor_3200+-with-glibc2.0
Timestamp of tree: Tue, 28 Oct 2008 14:36:12 +0000
ccache version 2.4 [disabled]
app-shells/bash: 3.2_p33
dev-java/java-config: 1.3.7, 2.1.6-r1
dev-lang/python: 2.5.2-r8
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache: 2.4-r7
dev-util/cmake: 2.6.2
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.13, 2.63
sys-devel/automake: 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1
sys-devel/binutils: 2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.26
virtual/os-headers: 2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -msse2 -msse3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=athlon-xp -msse2 -msse3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_GB.UTF-8"
LC_ALL="en_GB.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise /usr/portage/local/layman/desktop-effects /usr/local/overlays/maintainer-jcat /usr/local/overlays/sourceforge /usr/local/overlays/googlecode /usr/local/overlays/jcat"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow X a52 aac acl acpi alsa apache2 berkdb bluetooth branding bzip2 cairo cdr cli cracklib crypt cups dbus dri dvb dvd dvdr dvdread eds emboss encode esd evo fam fbdev firefox flac fortran gdbm gif glitz gnome gpm gstreamer gtk gtk2 hal howl iconv imagemagick imap ipod ipv6 isdnlog jpeg kerberos ldap libnotify libwww lirc live mad maildir midi mikmod mmx mozilla mp3 mpeg mudflap musicbrainz mysql nas ncurses network nls nptl nptlonly nsplugin nvidia ogg opengl openmp pam pcre pdf perl png ppds pppd python qt qt3 qt3support qt4 quicktime readline real reflection rtc sasl sdl session spell spl sse sse2 ssl startup-notification svg sysfs tcpd tiff truetype unicode usb vorbis wavpack win32codecs x86 xine xml xorg xulrunner xv xvid xvmc zlib" ALSA_CARDS="snd-intel8x0 usb-audio" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" DVB_CARDS="usb-a800" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB" LIRC_DEVICES="devinput" USERLAND="GNU" VIDEO_CARDS="nv nvidia vesa"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Now, it may just be that SSL auths are not working because the daemon refuses to auth with any broken symlinks in the certs directory. If that's the case, shouldn't the emerge clean these up or warn that things may break until they're cleaned?

I have marked this as major, as it seems to break my imap SSL auths, I consider that quite important! :) Please re-prioritise if this is not correct.

Thanks in advance :)

Cheers,
jcat

Reproducible: Always

Steps to Reproduce:
1. emerge -1av openssl (latest stable)
2. ls -la /etc/ssl/certs/2edf7016.1
/etc/ssl/certs/2edf7016.1 -> vsign1.pem
The only thing that dev-libs/openssl appears to put there is /etc/ssl/certs/README.RootCerts. The other candidate for those certificates would be app-misc/ca-certificates. But the real issue is your imap server - which package does that belong to?
Thanks for the reply :)

Well, it's like I said, if I re-install the previous openssl the file is restored. This can only mean openssl owns the file. This is confirmed with equery:

equery b /etc/ssl/certs/vsign1.pem
[ Searching for file(s) /etc/ssl/certs/vsign1.pem in *... ]
dev-libs/openssl-0.9.8g-r2 (/etc/ssl/certs/vsign1.pem)

Hope that helps.

Cheers,
jcat
Yes, but the problem affects your imap package, so please tell us which it is.
(In reply to comment #3)
> Yes, but the problem affects your imap package, so please tell us which it is.

Apologies: net-mail/courier-imap-4.0.6-r2

Cheers,
jcat
Thanks.
openssl no longer provides any certs. all certs are part of the ca-certificates package.
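
Added example, not part of the bug thread or of any Gentoo package: a shell check that lists dangling symlinks in a certificate directory, the condition reported above for /etc/ssl/certs/2edf7016.1 -> vsign1.pem. The function names and the sample directory are constructed for illustration; the hash-link name pattern (eight hex digits, a dot, a number) is assumed from the link name in the report.

```shell
#!/bin/sh
# Added example: find symlinks in a cert directory whose target is missing.

# Print "link -> target" for every symlink in $1 that resolves to nothing.
find_dangling_links() {
    dir=$1
    for link in "$dir"/*; do
        # -L: entry is a symlink; ! -e: following it reaches no file
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            printf '%s -> %s\n' "$link" "$(readlink "$link")"
        fi
    done
}

# Count the dangling links named like certificate hash links (assumed
# pattern: 8 hex digits, a dot, a sequence number, e.g. 2edf7016.1).
count_dangling_hash_links() {
    find_dangling_links "$1" |
        grep -c -E '/[0-9a-f]{8}\.[0-9]+ -> ' || true
}

# Constructed sample mirroring the report: the link stays, the PEM is gone.
make_sample_dir() {
    d=$(mktemp -d)
    : > "$d/ca-ok.pem"
    ln -s ca-ok.pem "$d/0a1b2c3d.0"     # healthy hash link
    ln -s vsign1.pem "$d/2edf7016.1"    # dangling: vsign1.pem is missing
    ln -s gone.pem "$d/custom-ca.pem"   # dangling, not a hash-style name
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
find_dangling_links "$sample"
echo "dangling hash links: $(count_dangling_hash_links "$sample")"
rm -rf "$sample"
```

On a real system the directory argument would be /etc/ssl/certs; run it after a package upgrade that changes which package owns the certificates.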