This week I upgraded one of my OpenSMTPD email servers to OpenBSD
5.6/OpenSMTPD 5.4.3 and all of a sudden I started having all kinds of TLS
cert verification interoperability problems with my existing FreeBSD
OpenSMTPD 5.4.2 server.
I was pulling my hair out trying to find out what the heck was going on. After
much flailing and gnashing of teeth I finally found the answer.
The CAcert root was pulled from OpenBSD 9 months ago, due to "strict
requirements on redistribution".
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/Attic/cert.pem?rev=1.24&content-type=text/x-cvsweb-markup
This really sucks, because now I have to set up my own Root CA for all my
private-facing TLS-only email servers or fork over yet more $$ to the
worthless commercial cert racket.
I know this wasn't anything directly caused by OpenSMTPD, but if anyone
else is using CAcert.org certs and you're thinking about upgrading from
OpenBSD 5.5 to 5.6, watch out for this.
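
A pre-upgrade check for the failure described in the post, as an added example that is not part of the original message: it verifies certificates against a CA bundle and counts those that stop validating once a root is dropped from it. The demo PKI, file names and subjects are constructed; `openssl` on the PATH is assumed.

```shell
#!/bin/sh
# Added example: which certificates still verify against a given CA bundle?
# Every file name and subject below is constructed for the demo.

# verifies_against BUNDLE CERT: exit 0 only if CERT chains to a root in BUNDLE.
# (A cert that needs intermediates also needs: -untrusted chain.pem)
verifies_against() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# audit BUNDLE CERT...: print a status line per cert, return the failure count.
audit() {
    bundle=$1; shift; failed=0
    for c in "$@"; do
        if verifies_against "$bundle" "$c"; then echo "OK    $c"
        else echo "FAIL  $c"; failed=$((failed + 1)); fi
    done
    return "$failed"
}

# make_demo_pki DIR: two throwaway roots, one leaf issued by the first root,
# an "old" bundle trusting both roots and a "new" bundle that dropped one.
make_demo_pki() {
    d=$1
    for ca in removed-root kept-root; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mx.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -days 2 -CA "$d/removed-root.pem" \
        -CAkey "$d/removed-root.key" -CAcreateserial \
        -out "$d/leaf.pem" 2>/dev/null || return 1
    cat "$d/removed-root.pem" "$d/kept-root.pem" > "$d/bundle-old.pem"
    cp "$d/kept-root.pem" "$d/bundle-new.pem"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    n=0; audit "$tmp/bundle-old.pem" "$tmp/leaf.pem" || n=$?
    echo "old bundle: $n failing"
    n=0; audit "$tmp/bundle-new.pem" "$tmp/leaf.pem" || n=$?
    echo "new bundle: $n failing"
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a real host, run `audit` with the post-upgrade bundle (on OpenBSD, `/etc/ssl/cert.pem`) and the certificates your mail peers present; any `FAIL` line is a peer that will stop verifying.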