Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
On Mon, 5 Jun 2023, Andi Vajda wrote: The build succeeds but running a debug session: sudo ./local/sbin/smtpd -f `pwd`/smtpd.conf -dv fails. I'm not sure how much of my debug logs is appropriate to post here but I could try to build with openssl 3 next ? Same problem with smtpd built with openssl 3.3.1: build succeeds, smtpd.conf is validated OK when running with -n but when I start a debug session with -dv, the server starts but eventually fails but is not saying much about what is failing. It looks like a child process is terminating: warn: lost child: dispatcher terminated; signal 11 I also tried without --with-libevent=/usr/pkg (and yes, I did not forget to stop my 6.8.0p2 server first) Andi.. Andi..
Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
Hi Omar, Thank you for doing this ! More below... On Wed, 31 May 2023, Omar Polo wrote: It's been a while since the last OpenSMTPD-portable release, but here we are. After syncing the portable repository with OpenBSD, plus various miscellaneous portable tweaks, I've talked with Gilles and we both agree it's finally time for a release. I intend to release OpenSMTPD 7.3.0p0 in the next few weeks, around mid June, so I would appreciate if you could give the rc1 a try and confirm that it works as expected. You can find a distribution tarball here, or checkout the release-7.3 branch: https://github.com/OpenSMTPD/OpenSMTPD/releases/download/7.3.0p0-rc1/opensmtpd-7.3.0p0-rc1.tar.gz I tried to build opensmtpd-7.3.0p0-rc2 on NetBSD 9.3 like I did with opensmtpd 6.8.0p2, with libressl: - I first upgraded my libressl build from 3.2.3 to 3.7.3, the latest - then I ran configure as I did for 6.8.0p2: ./configure --prefix=`pwd`/local --with-libssl=/home/vajda/libressl-3.7.3/local --with-libevent=/usr/pkg --with-path-CAfile=/usr/pkg/etc/openssl/certs/ca.crt --with-path-queue=`pwd`/local/var/spool/smtpd --with-path-empty=`pwd`/local/var/empty --with-path-mbox=`pwd`/local/var/mbox --with-path-socket=`pwd`/local/var/run --with-path-pidfile=`pwd`/local/var/run - make then failed with this error: ld: ../../openbsd-compat/libopenbsd.a(by_mem.o): in function `X509_LOOKUP_mem': by_mem.c:(.text+0x1b): undefined reference to `X509_LOOKUP_meth_new' ld: by_mem.c:(.text+0x3d): undefined reference to `X509_LOOKUP_meth_set_ctrl' ld: ../../openbsd-compat/libopenbsd.a(by_mem.o): in function `by_mem_ctrl': by_mem.c:(.text+0x136): undefined reference to `X509_LOOKUP_get_store' ld: by_mem.c:(.text+0x176): undefined reference to `X509_LOOKUP_get_store' Trying with openssl 1.1.1u built from pkgsrc instead: ./configure --prefix=`pwd`/local --with-libssl=/usr/pkg --with-libevent=/usr/pkg --with-path-CAfile=/usr/pkg/etc/openssl/certs/ca.crt --with-path-queue=`pwd`/local/var/spool/smtpd --with-path-empty=`pwd`/local/var/empty --with-path-mbox=`pwd`/local/var/mbox --with-path-socket=`pwd`/local/var/run --with-path-pidfile=`pwd`/local/var/run The build succeeds but running a debug session: sudo ./local/sbin/smtpd -f `pwd`/smtpd.conf -dv fails. I'm not sure how much of my debug logs is appropriate to post here but I could try to build with openssl 3 next ? Andi..
Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
Op 05-06-2023 om 12:52 schreef Omar Polo: On 2023/06/04 11:40:34 +0200, Frank de Bruijn wrote: I built 7.3.0p0 rc2 on Debian Bookworm and it seems to work ok so far. Just one thing: I had to change my smtpd.conf, because starting initially failed with: smtpd: invalid listen option: pki required for tls/smtps My smtpd.conf has four pki sets, because the server serves several domains. Up to now, I never needed to use pki in a listen directive, as OpenSMTPD would pick the correct pki depending on the hostname. It appears this no longer works. Is that a bug or a deliberate change? This was changed in OpenBSD 6.9, from the changelog: Ah, ok. We 'portable users' never got past 6.8. :-) If the latter, what to do now? For the tests, I used one of the pkis in the listen directive, but I really need all four of them. Would specifying them all work? Yes, it's possible to specify more than one `pki' per `listen' directive. Thanks! That should allow me to create a more serious test setup. Regards, Frank
Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
On 2023/06/04 11:40:34 +0200, Frank de Bruijn wrote: > I built 7.3.0p0 rc2 on Debian Bookworm and it seems to work ok so far. > Just one thing: I had to change my smtpd.conf, because starting > initially failed with: > > smtpd: invalid listen option: pki required for tls/smtps > > My smtpd.conf has four pki sets, because the server serves several > domains. Up to now, I never needed to use pki in a listen directive, as > OpenSMTPD would pick the correct pki depending on the hostname. > > It appears this no longer works. Is that a bug or a deliberate change? This was changed in OpenBSD 6.9, from the changelog: : Change the way SNI works in smtpd.conf(5). TLS listeners may be : configured with multiple certificates. The matching is based on the : names included in these certificates. I forgot to go thru the various releases and mention the changes in the changelog. Will try to remember to do that for the release' changelog. > If the latter, what to do now? For the tests, I used one of the pkis in > the listen directive, but I really need all four of them. Would > specifying them all work? Yes, it's possible to specify more than one `pki' per `listen' directive. Thanks for testing! Omar Polo