[ilugd] Re: [LIH]New sendmail breaks STARTTLS
Raj Mathur [9/19/2003 6:55 PM] :

> Anyone else experiencing STARTTLS weirdness after upgrading Sendmail? I'm not able to have clients authenticate to the server anymore (even when both the client and the server are the same machine) after upgrading Sendmail after the latest advisory.
>
> Certificates are self-signed. They haven't expired. Certificate verification fails each time with `self signed certificate' error.

See followups to Claus Assmann's posting about 8.12.10 ... [EMAIL PROTECTED] by Marc-Christian Petersen [EMAIL PROTECTED] and Claus' reply.

No change in the TLS code, as Claus says ...

What error are you getting in your logs? This is from cf/README ...

${verify} holds the result of the verification of the presented cert. Possible values are:

    OK        verification succeeded.
    NO        no cert presented.
    NOT       no cert requested.
    FAIL      cert presented but could not be verified, e.g., the cert of the signing CA is missing.
    NONE      STARTTLS has not been performed.
    TEMP      temporary error occurred.
    PROTOCOL  protocol error occurred (SMTP level).
    SOFTWARE  STARTTLS handshake failed.

___
ilugd mailing list
[EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] Re: [LIH]New sendmail breaks STARTTLS
Suresh == Suresh Ramasubramanian [EMAIL PROTECTED] writes:

Suresh> Raj Mathur [9/19/2003 6:55 PM] :

> Anyone else experiencing STARTTLS weirdness after upgrading Sendmail? I'm not able to have clients authenticate to the server anymore (even when both the client and the server are the same machine) after upgrading Sendmail after the latest advisory.
>
> Certificates are self-signed. They haven't expired. Certificate verification fails each time with `self signed certificate' error.

Suresh> See followups to Claus Assmann's posting about 8.12.10 ...
Suresh> [EMAIL PROTECTED] by Marc-Christian
Suresh> Petersen [EMAIL PROTECTED] and Claus' reply.

Where can I find this?

Suresh> No change in the TLS code, as Claus says ...

Sucks.

Suresh> What error are you getting in your logs? This is from
Suresh> cf/README ...

verify=FAIL.

-- Raju

${verify} holds the result of the verification of the presented cert. Possible values are:

    OK        verification succeeded.
    NO        no cert presented.
    NOT       no cert requested.
    FAIL      cert presented but could not be verified, e.g., the cert of the signing CA is missing.
    NONE      STARTTLS has not been performed.
    TEMP      temporary error occurred.
    PROTOCOL  protocol error occurred (SMTP level).
    SOFTWARE  STARTTLS handshake failed.

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves
Re: [ilugd] Re: [LIH]New sendmail breaks STARTTLS
Raj Mathur [9/20/2003 9:12 AM] :

> Where can I find this?

Threads on comp.mail.sendmail

> Suresh> What error are you getting in your logs? This is from
> Suresh> cf/README ...
>
> verify=FAIL.

That is ok - as long as the mail gets through. You'd normally have to present a client CERT signed using the same CA as you used for your self signed CERT for verify=OK, if you are controlling relaying using self signed certs instead of using SMTP AUTH or relaying for specific static IPs.

Normally if you are just using a self signed cert to TLS encrypt mail, then it should go through without problem.

Like I said, logs please.

srs
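An added example, not part of any poster's message and not Sendmail's own code: a small Python parser that reads `STARTTLS=` log lines and reports, per session, the `${verify}` value (with the cf/README meanings quoted in this thread) and whether a cipher was negotiated even though verification failed. The log lines, hostnames and addresses are constructed, and the `STARTTLS=server, relay=..., verify=..., cipher=...` layout is assumed to match your Sendmail's logging.

```python
import re

# ${verify} values as listed in the cf/README excerpt quoted in this thread.
VERIFY_MEANING = {
    "OK": "verification succeeded",
    "NO": "no cert presented",
    "NOT": "no cert requested",
    "FAIL": "cert presented but could not be verified",
    "NONE": "STARTTLS has not been performed",
    "TEMP": "temporary error occurred",
    "PROTOCOL": "protocol error occurred (SMTP level)",
    "SOFTWARE": "STARTTLS handshake failed",
}
LINE_RE = re.compile(r"STARTTLS=(?P<role>client|server), (?P<fields>.*)$")

# Constructed sample input (not taken from the thread).
SAMPLE_LOG = """\
Sep 20 10:41:02 mail sendmail[2101]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 20 10:41:02 mail sendmail[2101]: h8K5B2xx002101: from=<a@example.org>, size=512, nrcpt=1, relay=localhost [127.0.0.1]
Sep 20 10:43:17 mail sendmail[2188]: STARTTLS=client, relay=mx.example.net., version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 20 10:44:40 mail sendmail[2190]: STARTTLS=server, relay=client.example.org [192.0.2.10], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
"""

def parse_line(line):
    """Return a dict for one STARTTLS log line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    pairs = (kv.split("=", 1) for kv in m.group("fields").split(", ") if "=" in kv)
    fields = dict(pairs)
    verify = fields.get("verify")
    return {
        "role": m.group("role"),
        "relay": fields.get("relay", "?"),
        "verify": verify,
        "meaning": VERIFY_MEANING.get(verify, "no known verify value logged"),
        # A negotiated cipher means the session was encrypted,
        # whatever the outcome of certificate verification.
        "encrypted": "cipher" in fields,
        # Only verify=OK can satisfy certificate-based relay rules.
        "cert_auth": verify == "OK",
    }

def summarize(log_text):
    """Parse every STARTTLS line in a block of log text."""
    return [r for r in map(parse_line, log_text.splitlines()) if r]

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(f"{r['role']:6} {r['relay']:35} verify={r['verify']:5} "
              f"encrypted={r['encrypted']} cert_auth={r['cert_auth']} ({r['meaning']})")
```
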
Re: [ilugd] Re: [LIH]New sendmail breaks STARTTLS
Raj Mathur [9/20/2003 10:38 AM] :

> The certificates are OK, they are read when Sendmail starts up, they were working up to yesterday (before the upgrade). BTW, the logs are from my local machine, but the remote server also exhibits the same behaviour.

Did you by any chance upgrade openssl in the meantime as well?