On Sun, 22 Feb 2015 01:40:19 -0300, Hugo Osvaldo Barrera <[email protected]> said:
| On 2015-02-18 20:13, Ashish SHUKLA wrote:
|| On Mon, 16 Feb 2015 15:20:48 -0300, Hugo Osvaldo Barrera <[email protected]> said:

[...]

||
|| | Feb 16 18:07:02 hydrogen smtpd[98431]: smtp-in: New session 51d5105c9fc4b623 from host hyperion.barrera.io [190.210.108.249]
|| | Feb 16 18:07:03 hydrogen smtpd[98431]: smtp-in: Disconnecting session 51d5105c9fc4b623: IO error: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
||
|| It seems like certificate verification is failing here.
||

| Why? The client doesn't present any certificate, why is the server validating
| its own certificate?

This error is generated from client-side (hyperion.barrera.io). Client failing to validate certificate presented by server seems like a probable cause, but it could be some other factor as well. Basically, client sent "access denied" message which server received. I might be wrong, but so far that's what I've noticed from my past experience dealing with OpenSSL support in other servers.

[...]

| I deleted ~/.thunderbird from my machine, set the test profile up again, and it
| worked fine. I'm amazed at the error message I was getting on the client side -
| and even more at why the above message with opensmtpd failing to validate its
| own certificate.

| Did I somehow trigger a bug somewhere that I've now lost the capability to
| reproduce?

If it's indeed the server-side certificate the issue then maybe you can try nuking the certificate from the NSS certificate database, assuming it uses same tools/conventions as Firefox, `certutil' is your friend.

HTH
--
Ashish SHUKLA

“d (Stupidity) / dt = 0”

Sent from my Emacs
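Added example, not part of the original message or of OpenSMTPD: a small decoder for the packed error code in the quoted log line, showing how to tell an alert received from the peer apart from a failure detected locally. It assumes the OpenSSL 1.0.x error layout (8-bit library, 12-bit function, 12-bit reason) that matches this 2015-era log; `decode_openssl_error` and the second sample line are constructed for illustration.

```python
import re

# Log line quoted in the thread above (OpenSSL 1.0.x-era error string).
SAMPLE = ("Feb 16 18:07:03 hydrogen smtpd[98431]: smtp-in: Disconnecting "
          "session 51d5105c9fc4b623: IO error: error:14094419:SSL routines:"
          "SSL3_READ_BYTES:tlsv1 alert access denied")
# Constructed contrast line: a verification failure detected locally.
LOCAL = ("error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:"
         "certificate verify failed")

ERR_LIB_SSL = 20             # library number of libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for received alerts

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
    49: "access_denied", 50: "decode_error", 51: "decrypt_error",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")

def decode_openssl_error(line):
    """Unpack an OpenSSL 1.0.x error code: lib(8) | func(12) | reason(12) bits."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = reason - SSL_AD_REASON_OFFSET
    # libssl reasons at or above the offset are alerts received from the peer.
    from_peer = lib == ERR_LIB_SSL and 0 <= alert <= 255
    return {
        "lib": lib, "func": func, "reason": reason,
        "text": m.group(4).strip(),
        "from_peer": from_peer,
        "alert_number": alert if from_peer else None,
        "alert_name": TLS_ALERTS.get(alert, "unknown") if from_peer else None,
    }

if __name__ == "__main__":
    for line in (SAMPLE, LOCAL):
        print(decode_openssl_error(line))
```

For the session in the log, the reason field decodes to 1049, i.e. TLS alert 49 (access_denied) read from the connecting host, so the place to look for the underlying cause is the client's own TLS log or certificate store.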
