mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings)

Description:

Dovecot 2.4.2 - auth-worker: Error: mysql(...): mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings)

Additional info:

  • package version(s): dovecot 2.4.2-4

  • config and/or log files:

     sql_driver = mysql

     mysql db.idmz.tachtler.net {
       host = db.idmz.tachtler.net
       port = 3306
       user = postfixuser
       password = geheim
       dbname = postfix
       ssl = yes
       ssl_client_ca_file = /etc/dovecot/ssl/certs/CAcert.pem
       ssl_client_cert_file = /etc/dovecot/ssl/certs/client.idmz.tachtler.net.pem
       ssl_client_key_file = /etc/dovecot/ssl/private/client.idmz.tachtler.net.key.pem
       ssl_cipher_list = DHE-RSA-AES256-SHA
     }

  • link to upstream bug report, if any: (If necessary, I would open an additional one. I wanted to check first whether it might be due to the Arch Linux package.)

  • WITHOUT

       ssl = yes
       ssl_client_ca_file = /etc/dovecot/ssl/certs/CAcert.pem
       ssl_client_cert_file = /etc/dovecot/ssl/certs/client.idmz.tachtler.net.pem
       ssl_client_key_file = /etc/dovecot/ssl/private/client.idmz.tachtler.net.key.pem
       ssl_cipher_list = DHE-RSA-AES256-SHA

    DB connections are working!

Steps to reproduce:

  1. Configure dovecot 2.4.2-4 as described above
  2. Restart dovecot 2.4.2-4
  3. Try to send an email (echo "Test-E-Mail" | /usr/sbin/sendmail root)
  4. Determine error messages inside
     • dovecot 2.4.2-4-Log (systemd-journald)

    Dec 22 04:57:38 server dovecot[842]: auth: Error: mysql(db.idmz.tachtler.net): mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings)
    Dec 22 04:57:38 server dovecot[842]: auth-worker: Error: mysql(db.idmz.tachtler.net): mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings)

  5. The MariaDB behind db.idmz.tachtler.net could handle SSL-Client connections:

  6. Check MariaDB behind db.idmz.tachtler.net:

    # /usr/bin/mariadb -h localhost -u [REDACTED] --ssl
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 1598
    Server version: 11.8.5-MariaDB Arch Linux
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [(none)]> SHOW SESSION STATUS LIKE 'Ssl_version';
    +---------------+---------+
    | Variable_name | Value   |
    +---------------+---------+
    | Ssl_version   | TLSv1.3 |
    +---------------+---------+
    1 row in set (0.002 sec)
    
    MariaDB [(none)]> SHOW SESSION STATUS LIKE 'Ssl_cipher';
    +---------------+------------------------+
    | Variable_name | Value                  |
    +---------------+------------------------+
    | Ssl_cipher    | TLS_AES_256_GCM_SHA384 |
    +---------------+------------------------+
    1 row in set (0.002 sec)
    
    MariaDB [(none)]> quit
    Bye