Bug 22372

Summary: dovecot Invalid command 'dh
Product: Mageia Reporter: Bit Twister <bittwister2>
Component: RPM PackagesAssignee: Marc Krämer <mageia>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: dovecot-2.3.0-1.mga7.src.rpm CVE:
Status comment:

Description Bit Twister 2018-01-11 13:14:41 CET 
Description of problem: mga7 dev0

Snippet from 
# cat /var/log/dovecot/errors.log
 master: Warning: Killed with signal 15 (by pid=28393 uid=0 code=kill)
 config: Warning: please set ssl_dh=</etc/dovecot/dh.pem
Jconfig: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem

So I pasted it in a root terminal
# dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
142+0 records in
142+0 records out
142 bytes copied, 0.000124657 s, 1.1 MB/s
Invalid command 'dh'; type "help" for a list.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. As root,
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
David Walser 2018-01-11 21:20:48 CET

Assignee: bugsquad => mageia

Comment 1 Marc Krämer 2018-01-11 22:31:23 CET 
man openssl tells me dh is obsoleted and replaced by dhparam.

The config states:
# SSL DH parameters
# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
# Or migrate from old ssl-parameters.dat file with the command dovecot
# gives on startup when ssl_dh is unset.
#ssl_dh = </etc/dovecot/dh.pem

So the "main" problem is, our version of openssl already obsoleted dh, but dhparam works. I'll push a patch, so users don't get irritated.

New package is building, but it changes only the output.

Resolution: (none) => FIXED
Status: NEW => RESOLVED