Gregor Best wrote:
> Hi people,
>
> I'm running OpenSMTPD 5.4.3 from -current on my private mail server. After
> a recent update, using authentication for sending mail causes smtpd to exit
> with exit value 1. A (stripped down) configuration that exhibits the issue
> is the following:
>
> pki "server" certificate "/etc/mail/certs/server.crt"
> pki "server" key "/etc/mail/certs/server.key"
>
> listen on egress port submission tls-require pki "server" auth tag AUTH
> accept tagged AUTH from local for any relay
>
> When running smtpd with that configuration and attempting to send an
> email, this is the output I get from smtpd -dv:
>
> [... Usual smtpd startup for OpenSMTPD 5.4.3 ...]
> debug: smtp: new client on listener: 0x768b632a000
> smtp-in: New session 5d471824a3b1c9d2 from host
> eduroam-75-222.uni-paderborn.de [131.234.75.222]
> debug: lka: looking up pki "server"
> debug: session_start_ssl: switching to SSL
> smtp-in: Started TLS on session 5d471824a3b1c9d2: version=TLSv1/SSLv3,
> cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
> smtpd: session_imsg: unexpected IMSG_LKA_AUTHENTICATE imsg
> warn: lka -> pony: pipe closed
> warn: parent -> pony: pipe closed
> warn: mfa -> pony: pipe closed
> warn: queue -> pony: pipe closed
> warn: control -> pony: pipe closed
> warn: scheduler -> control: pipe closed
> [... After this, smtpd has exited with status 1 ...]
>
> The client (mail/msmtp from ports) prints the following:
> msmtp: cannot read from TLS connection: a protocol violating EOF occured
>
> The debug output from msmtp is the following:
>
> loaded system configuration file /etc/msmtprc
> loaded user configuration file /home/gbe/.msmtprc
> using account unobtanium from /home/gbe/.msmtprc
> host = unobtanium.de
> port = 587
> timeout = off
> protocol = smtp
> domain = localhost
> auth = choose
> user = gbe
> password = *
> passwordeval = (not set)
> ntlmdomain = (not set)
> tls = on
> tls_starttls = on
> tls_trust_file = (not set)
> tls_crl_file = (not set)
> tls_fingerprint = EB:8E:EA:3A:BC:3A:1D:6C:C4:80:5F:FB:A8:24:C8:EB:C8:24:71:5D
> tls_key_file = (not set)
> tls_cert_file = (not set)
> tls_certcheck = on
> tls_force_sslv3 = off
> tls_min_dh_prime_bits = (not set)
> tls_priorities = (not set)
> auto_from = off
> maildomain = (not set)
> from = g...@unobtanium.de
> dsn_notify = (not set)
> dsn_return = (not set)
> keepbcc = off
> logfile = /home/gbe/log/msmtp/log
> syslog = (not set)
> aliases = (not set)
> reading recipients from the command line
> <-- 220 neon.unobtanium.de ESMTP OpenSMTPD
> --> EHLO localhost
> <-- 250-neon.unobtanium.de Hello localhost [131.234.75.222], pleased to meet you
> <-- 250-8BITMIME
> <-- 250-ENHANCEDSTATUSCODES
> <-- 250-SIZE 36700160
> <-- 250-DSN
> <-- 250-STARTTLS
> <-- 250 HELP
> --> STARTTLS
> <-- 220 2.0.0: Ready to start TLS
> TLS certificate information:
> Owner:
> Common Name: gbe.ring0.de
> Issuer:
> Common Name: CAcert Class 3 Root
> Organization: CAcert Inc.
> Organizational unit: http://www.CAcert.org
> Validity:
> Activation time: Sun Jul 7 18:28:15 2013
> Expiration time: Tue Jul 7 18:28:15 2015
> Fingerprints:
> SHA1: EB:8E:EA:3A:BC:3A:1D:6C:C4:80:5F:FB:A8:24:C8:EB:C8:24:71:5D
> MD5: 69:40:AD:DD:02:63:41:C1:67:55:34:3E:63:95:06:6A
> --> EHLO localhost
> <-- 250-neon.unobtanium.de Hello localhost [131.234.75.222], pleased to meet you
> <-- 250-8BITMIME
> <-- 250-ENHANCEDSTATUSCODES
> <-- 250-SIZE 36700160
> <-- 250-DSN
> <-- 250-AUTH PLAIN LOGIN
> <-- 250 HELP
> --> AUTH PLAIN AGdiZQA0bjRyY2hZXw==
>
> Yes, the certificate is weird (common name does not match the host name),
> but that should not cause the smtp daemon to exit. The setup worked before
> my last update, but I can't pinpoint the previous version of OpenSMTPD
> because the maillog rotated away before I noticed the issue.
>
> What am I doing wrong here? And how can I debug this further?
>
Is this commit the culprit: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/cert.pem?rev=1.24
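An added example for the "how can I debug this further?" question, written for this thread and not code from OpenSMTPD, msmtp or either poster: a Python probe that replays the client side of the exchange quoted above (EHLO, STARTTLS, EHLO, AUTH PLAIN) one command at a time and reports which command was answered with EOF instead of a reply, which is what msmtp's "protocol violating EOF" looks like from the client. The optional SHA-1 pin stands in for msmtp's tls_fingerprint setting, and the probe refuses to send a password over a session without STARTTLS unless told otherwise. The fake server at the bottom is a constructed stand-in that hangs up on AUTH so the script runs offline; the host, port and credentials in it are placeholders.

```python
import base64
import hashlib
import smtplib
import socketserver
import ssl
import threading


def auth_plain_token(user, password, authzid=""):
    """SASL PLAIN initial response: authzid NUL authcid NUL password, base64."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def probe_submission(host, port, user, password, pin_sha1=None,
                     allow_plaintext=False, timeout=10):
    """Replay EHLO -> STARTTLS -> EHLO -> AUTH PLAIN against host:port.
    Returns {"steps": [(command, reply code), ...], "disconnected_at": the
    command that got EOF instead of a reply, or None}."""
    steps, step = [], "connect"
    try:
        smtp = smtplib.SMTP(host, port, local_hostname="localhost", timeout=timeout)
        step = "ehlo"
        steps.append((step, smtp.ehlo()[0]))
        if smtp.has_extn("starttls"):
            step = "starttls"
            ctx = ssl.create_default_context()
            if pin_sha1:
                # A pinned certificate replaces chain and name checks, the way
                # msmtp's tls_fingerprint does; the pin is verified right after
                # the handshake and the session is abandoned on mismatch.
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
            steps.append((step, smtp.starttls(context=ctx)[0]))
            if pin_sha1:
                der = smtp.sock.getpeercert(binary_form=True)
                seen = hashlib.sha1(der).hexdigest().upper()
                if seen != pin_sha1.replace(":", "").upper():
                    smtp.close()
                    return {"steps": steps, "disconnected_at": None, "pin_mismatch": seen}
            step = "ehlo-tls"
            steps.append((step, smtp.ehlo()[0]))
        elif not allow_plaintext:
            # Never send a password over a cleartext session by accident.
            step = "quit"
            smtp.quit()
            return {"steps": steps, "disconnected_at": None, "error": "no STARTTLS offered"}
        step = "auth"
        # docmd() rather than login(): we want the raw reply (or the EOF) to the
        # AUTH command itself, not smtplib's interpretation of it.
        code, _ = smtp.docmd("AUTH", "PLAIN " + auth_plain_token(user, password))
        steps.append((step, code))
        step = "quit"
        smtp.quit()
        return {"steps": steps, "disconnected_at": None}
    except (smtplib.SMTPServerDisconnected, OSError) as exc:
        # EOF where a reply was expected: the client-side view of the daemon
        # dying mid-session ("protocol violating EOF" in msmtp's words).
        return {"steps": steps, "disconnected_at": step, "error": str(exc)}


class HangUpOnAuth(socketserver.StreamRequestHandler):
    """Constructed stand-in for the crashing daemon (not OpenSMTPD): greets,
    answers EHLO without offering STARTTLS, and drops the connection without
    a reply as soon as AUTH arrives."""

    def handle(self):
        self.wfile.write(b"220 fake.example ESMTP\r\n")
        while True:
            line = self.rfile.readline()
            if not line:
                return
            parts = line.split()
            verb = parts[0].upper() if parts else b""
            if verb == b"EHLO":
                self.wfile.write(b"250-fake.example Hello\r\n"
                                 b"250-AUTH PLAIN LOGIN\r\n250 HELP\r\n")
            elif verb == b"AUTH":
                return  # closing the socket here mimics smtpd exiting
            elif verb == b"QUIT":
                self.wfile.write(b"221 2.0.0 Bye\r\n")
                return
            else:
                self.wfile.write(b"502 5.5.2 Command not implemented\r\n")


def start_fake_server():
    """Serve HangUpOnAuth on an ephemeral loopback port; returns (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), HangUpOnAuth)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    srv, port = start_fake_server()
    try:
        # Placeholder credentials; allow_plaintext only because the fake offers no TLS.
        print(probe_submission("127.0.0.1", port, "user", "secret", allow_plaintext=True))
    finally:
        srv.shutdown()
        srv.server_close()
```

Against a real submission port you would call probe_submission with the server's name, port 587, the account's credentials and the SHA-1 fingerprint you expect, and leave allow_plaintext at its default. A result of disconnected_at == "auth" with the preceding steps all at 250/220 narrows the problem to what the server does on receiving AUTH, as opposed to a TLS or EHLO problem; a pin_mismatch entry means you are not talking to the certificate you pinned and nothing was sent.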