On Wed, Aug 22, 2012 at 9:24 AM, Ben Johnson <ben@xxxxxxxxxxxxxxxx> wrote: > > > On 8/22/2012 8:56 AM, Eric Covener wrote: >>> Dovecot dropped its TLS capabilities, but it still started >>> the server and bound to the non-secure port. >> >> I'd personally prefer the server fail startup rather than operate w/o SSL. > > While that may be, this preference should not be assumed. Even if the > current behavior (failing to start under said circumstances) is made the > default, I would prefer this to be a configurable behavior. I'd suggest opening a bug/bugs if there's not already one. mod_ssl doesn't load keys during config test. > > My post's primary purpose was to underscore the fact that Apache fails > *silently* under the key/cert mismatch scenario. > > Perhaps with a sufficiently high log-level this error would be revealed. > But even if that is so, such a critical failure should be logged > regardless of the setting. I get this in 2.2: [Wed Aug 22 09:32:44 2012] [error] Unable to configure RSA server private key [Wed Aug 22 09:32:44 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch In 2.4 it's even higher severity (emerg) and has a few more messages. But maybe your scenario is different. What was your LogLevel? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|