Hi,
In our postfix server, we see
SSL_accept error from hgrs-mail01.hgrs.tld.dom[161.x.y.z]: 0
Nov 16 08:54:52 ernesto postfix2cc/smtpd[18662]: warning: TLS library problem: 18662:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1053:SSL alert number 0:
This error message apparently means that the client aborted the handshake
just after receiving the server certificate (see step 14 in the upper half
of the wireshark sessions screenshot - a successful handshake example in the
lower part - there step 17 is how it would continue).
If anybody is interested, I am happy to bilaterally send the .pcap files for
the wireshark session and a screenshot of such wireshark sessions.
The domino-side log can be found below.
One hypothesis is that there is a Lotus Notes Domino bug (LO41163:
IMPROPERLY BUILDING CERT CHAIN WHEN FOREIGN HOST PRESENTS JUST LEAF CERT)
but the problem continued even when not just the leaf but also the leaf +
intermediate or incl. root respectively were sent by the postfix server. So
there must also be another problem.
Any hints how to do a client certificate authentication TLS-handshake
between IBM's v8.51 as the client and openssl on the server side would be
highly appreciated.
Many thanks in advance
Ralf
15.11.2011 14:36:07 [2114:0011-176C] SMTPClient: Connection successful
Checking keyfile certificates:
15.11.2011 14:36:07.45 [2114:0011-176C] SSLCheckCertChain Valid certificate chain received
15.11.2011 14:36:07.45 [2114:0011-176C] int_MapSSLError Mapping SSL error 0 to 0
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_Handshake Enter
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_Handshake Current Cipher 0x (Unknown Cipher)
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_Handshake SSL Undetermined attempt
15.11.2011 14:36:07.45 [2114:0011-176C] SSLAdvanceHandshake Enter Processed : 0 State: 4
15.11.2011 14:36:07.45 [2114:0011-176C] SSLAdvanceHandshake Enter Processed : SSL_hello_request
15.11.2011 14:36:07.45 [2114:0011-176C] SSLAdvanceHandshake calling SSLPrepareAndQueueMessage SSLEncodeClientHello
15.11.2011 14:36:07.45 [2114:0011-176C] SSLAdvanceHandshake Exit State : 5
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Enter len = 102
Xmt buffer:
...001'..'
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Switching Endpoint to sync
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Posting a nti_snd for 102 bytes
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_EncryptData SSL not init exit
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Switching Endpoint to async
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_EncryptDataCleanup SSL not init exit
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write nti_done return 102 bytes rc = 0
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Exit, wrote 102 bytes
15.11.2011 14:36:07.45 [2114:0011-176C] S_Read Enter len = 5
15.11.2011 14:36:07.45 [2114:0011-176C] S_Read Switching Endpoint to sync
15.11.2011 14:36:07.45 [2114:0011-176C] S_Read Posting a nti_rcv for 5 bytes
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_RcvSetup SSL not init exit
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Switching Endpoint to async
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read nti_done return 5 bytes rc = 0
Rcv buffer:
: 00'.'
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Exit, read 5 bytes
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Enter len = 74
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Switching Endpoint to sync
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Posting a nti_rcv for 74 bytes
15.11.2011 14:36:07.47 [2114:0011-176C] SSL_RcvSetup SSL not init exit
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Switching Endpoint to async
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read nti_done return 74 bytes rc = 0
Rcv buffer:
-- 64 (0x0040) bytes of 0 --
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Exit, read 74 bytes
15.11.2011 14:36:07.47 [2114:0011-176C] SSLProcessProtocolMessage Record Content: 22
15.11.2011 14:36:07.47 [2114:0011-176C] SSLProcessHandshakeMessage Enter Message: 2 State: 5 Key Exchange: 0 Cipher: 0x (Unknown Cipher)
15.11.2011 14:36:07.47 [2114:0011-176C] SSLProcessHandshakeMessage Enter Message: SSL_server_hello
15.11.2011 14:36:07.47 [2114:0011-176C] SSLProcessHandshakeMessage Exit Message: 2 State: 5 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
15.11.2011 14:36:07.47 [2114:0011-176C] SSLAdvanceHandshake Enter Processed : 2 State: 5
15.11.2011 14:36:07.47 [2114:0011-176C] SSLAdvanceHandshake Enter Processed : SSL_server_hello
15.11.2011 14:36:07.47 [2114:0011-176C] SSLAdvanceHandshake Exit State : 8
15.11.2011 14:36:07.47 [2114:0011-176C] SSL_Handshake After handshake state= 8 Status= -5000
15.11.2011 14:36:07.47 [2114:0011-176C] SSL_Handshake Exit Status = -5000
15.11.2011 14:36:07.47 [2114:0011-176C] int_MapSSLError Mapping SSL error -5000 to 4176
15.11.2011 14:36:07.47 [2114:0011-176C] SSL_Handshake Enter
15.11.2011 14:36:07.47
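
Added example, not part of the original post: the packed code in the postfix "TLS library problem" warning can be decoded to show which TLS alert the client sent before the handshake stopped. It assumes the error-code layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason) and SSL_AD_REASON_OFFSET = 1000; decode_openssl_error and the subset alert table are this example's own names.

```python
import re

# Assumed constants, taken from OpenSSL 1.0.x headers (layout used before 3.0).
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # reasons >= 1000 are alerts received from the peer

# TLS alert descriptions (RFC 5246, section 7.2); subset seen around handshakes.
ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
}

# error:<8 hex digits>:<library>:<function>:<reason text>:
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):")

def decode_openssl_error(line):
    """Split a pre-3.0 packed error code and name the peer alert, if any."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    out = {
        "lib": (code >> 24) & 0xFF,     # ERR_GET_LIB
        "func": (code >> 12) & 0xFFF,   # ERR_GET_FUNC
        "reason": code & 0xFFF,         # ERR_GET_REASON
        "func_name": m.group(3),
        "peer_alert": None,
    }
    if out["lib"] == ERR_LIB_SSL and out["reason"] >= SSL_AD_REASON_OFFSET:
        num = out["reason"] - SSL_AD_REASON_OFFSET
        out["peer_alert"] = (num, ALERTS.get(num, "unknown"))
    return out

# The warning from the post, with the mail line wrapping undone.
SAMPLE = ("Nov 16 08:54:52 ernesto postfix2cc/smtpd[18662]: warning: TLS library "
          "problem: 18662:error:140943E8:SSL routines:SSL3_READ_BYTES:"
          "reason(1000):s3_pkt.c:1053:SSL alert number 0:")

if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE))
```

Reason values below 1000 are errors raised locally by the library rather than alerts received from the peer, and peer_alert stays None for them.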