On 1 Jul 2004, [EMAIL PROTECTED] wrote:
> we are pleased to announce the 20040701 version of qmail-ldap.
> You can get it as usual from:
> http://www.qmail-ldap.org/qmail/qmail-ldap-1.03-20040701.patch.gz
[...]
> To enable SMTP STARTTLS the path to the cert file needs to be set in
> ~control/smtpcert or set via the env var SSLCERT.

I did this, and ran into problems with qmail-smtpd:

1) When the STARTTLS command is issued, qmail-smtpd fails like so:

2004-07-02 10:57:25.510367500 tcpserver: end 6772 status 11

and there is nothing in the logs. I set the SSLCERT variable to an invalid file and that was reported as an error, so I'm sure the SSL cert is loaded and then an internal error happens. I did not see an exit(11) anywhere, and there was no 11 exit error code in the headers that I could see. So I could not figure out what was wrong on my own, sorry.

2) When the file name was wrong, the error says:

2004-07-02 10:57:47.970957500 qmail-smtpd 6783: aborting TLS negotiations, RSA private key invalid or unable to read ~control/cert.pem

so the file name in the error is not what the SSLCERT variable says, it's probably hardcoded.

The STARTTLS command works fine with previous versions of the patch, so something broke with the 20040701 patch. I'm attaching my cert in case it's needed for testing, but it worked fine before. The first problem is much more important to our site.

Ted
