Hey Don, > $ openssl s_client --starttls smtp -connect reportbug.debian.org:587 > CONNECTED(00000003) > depth=0 C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP > CA, CN = buxtehude.debian.org, emailAddress = hostmas...@buxtehude.debian.org > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP > CA, CN = buxtehude.debian.org, emailAddress = hostmas...@buxtehude.debian.org > verify error:num=21:unable to verify the first certificate > verify return:1
so it looks like it's a self-issued local certificate? reportbug.d.o advertises STARTTLS in its options morph@zion:~/deb/reportbug$ telnet reportbug.debian.org 587 Trying 2607:f8f0:614:1::1274:39... Connected to buxtehude.debian.org. Escape character is '^]'. he220 buxtehude.debian.org ESMTP Exim 4.89 Tue, 03 Jul 2018 01:12:00 +0000 ehlo sandrotosi.me 250-buxtehude.debian.org Hello sandrotosi.me [2604:2000:e902:f100:a2d0:6b79:bba:e2b5] 250-SIZE 104857600 250-8BITMIME 250-STARTTLS 250 HELP but i'm not sure how it could work if the client cant verify the certs chain. -- Sandro "morph" Tosi My website: http://sandrotosi.me/ Me at Debian: http://wiki.debian.org/SandroTosi G+: https://plus.google.com/u/0/+SandroTosi