Package: sendmail-bin
Version: 8.14.3-9.1
Severity: important

Sendmail logs the following:

Apr 28 03:02:04 castro sm-mta[3225]: NOQUEUE: connect from localhost [127.0.0.1]
Apr 28 03:02:04 castro sm-mta[3225]: o3S324GI003225: Milter (mimedefang): init success to negotiate
Apr 28 03:02:04 castro sm-mta[3225]: o3S324GI003225: Milter: connect to filters
Apr 28 03:02:04 castro sendmail[3224]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS=read: 3225:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS: read error=generic SSL error (-1), errno=11, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=1

This appears to be because the certificate used for localhost uses
sha512 as a message digest.  Sendmail does not call
OpenSSL_add_all_algorithms(), which causes OpenSSL not to find the
relevant algorithms.  You can see the relevant OpenSSL bug report at
<http://rt.openssl.org/Ticket/Display.html?id=2197&user=guest&pass=guest>.

Sendmail should probably call OpenSSL_add_all_algorithms().

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
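
Added example, not part of the original report or of sendmail: a Python triage script that finds this failure signature in mail logs. It rejoins mail-wrapped entries, selects STARTTLS lines whose OpenSSL error text reads "unknown message digest algorithm", and unpacks the hex code assuming the packed error layout of OpenSSL 0.9.8/1.0.x; the function names and the hard-wrapped SAMPLE_LOG (built from the log above) are constructed for illustration.

```python
import re

# Constructed sample: three entries from the report's log, hard-wrapped as in mail.
SAMPLE_LOG = """\
Apr 28 03:02:04 castro sendmail[3224]: STARTTLS=client, relay=[127.0.0.1],
version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS=read: 3225:error:0D0C50A1:asn1
encoding routines:ASN1_item_verify:unknown message digest
algorithm:a_verify.c:146:
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS: read error=generic SSL error
(-1), errno=11, get_error=error:00000000:lib(0):func(0):reason(0), retry=99,
ssl_err=1
"""

# Syslog header: "Mon DD HH:MM:SS host program[pid]: message"
ENTRY_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) (?P<prog>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# OpenSSL error-queue text: error:<hex code>:<library>:<function>:<reason>:<file>:<line>
ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+)")

def unwrap(text):
    """Rejoin continuation lines (anything that lacks a syslog header)."""
    entries = []
    for line in text.splitlines():
        if ENTRY_RE.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def unpack(code):
    """Split a packed error code into (lib, func, reason); assumes the 1.0.x layout."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def digest_failures(text):
    """Return STARTTLS entries whose OpenSSL error is an unknown message digest."""
    hits = []
    for entry in unwrap(text):
        head, err = ENTRY_RE.match(entry), ERR_RE.search(entry)
        if not (head and err and "STARTTLS" in head["msg"]):
            continue
        if "unknown message digest algorithm" not in err["reason"]:
            continue
        hits.append({"prog": head["prog"], "pid": int(head["pid"]),
                     "function": err["func"], "source": f'{err["file"]}:{err["line"]}',
                     "codes": unpack(int(err["code"], 16))})
    return hits
```

A hit identifies the daemon process that rejected the peer certificate, which is the side whose OpenSSL initialization is missing the digest.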
