On Fri, Jul 02, 2004 at 10:56:52AM -0400, Ted Zlatanov wrote:
> On 1 Jul 2004, [EMAIL PROTECTED] wrote:
>
> > we are pleased to announce the 20040701 version of qmail-ldap.
> > You can get it as usual from:
> > http://www.qmail-ldap.org/qmail/qmail-ldap-1.03-20040701.patch.gz
> [...]
> > To enable SMTP STARTTLS the path to the cert file needs to be set in
> > ~control/smtpcert or set via the env var SSLCERT.
>
> I did this, and ran into problems with qmail-smtpd:
>
> 1) When the STARTTLS command is issued, qmail-smtpd fails like so:
>
> 2004-07-02 10:57:25.510367500 tcpserver: end 6772 status 11
>
> and there is nothing in the logs. I set the SSLCERT variable to an
> invalid file and that was reported as an error, so I'm sure the SSL
> cert is loaded and then an internal error happens. I did not see an
> exit(11) anywhere, and there was no 11 exit error code in the headers
> that I could see. So I could not figure out what was wrong on my
> own, sorry.
>

The status is the value returned by wait(2). In other words qmail-smtpd
got a SIGSEGV. Sigh...

> 2) When the file name was wrong, the error says:
>
> 2004-07-02 10:57:47.970957500 qmail-smtpd 6783: aborting TLS negotiations, RSA
> private key invalid or unable to read ~control/cert.pem
>
> so the file name in the error is not what the SSLCERT variable says,
> it's probably hardcoded.
>

Yep it was hardcoded. I changed that now, while I'm hunting that f*%#ing
bug.

> The STARTTLS command works fine with previous versions of the patch,
> so something broke with the 20040701 patch. I'm attaching my cert in
> case it's needed for testing, but it worked fine before. The first
> problem is much more important to our site.
>

Yep, I changed how the file is loaded, as many asked to make it not
hardcoded.

--
:wq Claudio
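An added example (not part of the original mail and not qmail-ldap or tcpserver code) of why "status 11" in the tcpserver line means a signal rather than exit(11): it decodes a raw wait(2) status and compares a child that calls exit(11) with one that dies from SIGSEGV. The helper names `describe_wstat` and `child_wstat` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Render a raw wait(2) status, as logged in "end <pid> status <n>". */
const char *describe_wstat(int wstat, char *buf, size_t n)
{
    if (WIFEXITED(wstat))
        snprintf(buf, n, "exit(%d)", WEXITSTATUS(wstat));
    else if (WIFSIGNALED(wstat))
        snprintf(buf, n, "killed by signal %d", WTERMSIG(wstat));
    else
        snprintf(buf, n, "other (0x%x)", (unsigned)wstat);
    return buf;
}

/* Fork a child that either calls _exit(11) or dies from SIGSEGV and
 * return the raw status the parent collects; -1 on error. */
int child_wstat(int crash)
{
    int wstat;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (crash) {
            signal(SIGSEGV, SIG_DFL);   /* make sure the default action applies */
            raise(SIGSEGV);
        }
        _exit(11);
    }
    if (waitpid(pid, &wstat, 0) != pid)
        return -1;
    return wstat;
}

int main(void)
{
    char buf[64];
    int e = child_wstat(0), s = child_wstat(1);
    /* 11 is the value from the tcpserver log line quoted in the mail. */
    printf("logged 11 -> %s\n", describe_wstat(11, buf, sizeof buf));
    printf("exit(11)  -> raw %d: %s\n", e, describe_wstat(e, buf, sizeof buf));
    printf("SIGSEGV   -> raw %d: %s\n", s, describe_wstat(s, buf, sizeof buf));
    return 0;
}
```

A child that really called exit(11) shows up with the code in the high byte of the raw status, so searching the source for exit(11) cannot explain a logged status of 11.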
