Re: sendmail + STARTTLS w/ evolution = error:1408A0C1

2005-06-20 Thread Andy W. Clements

On Wed, 2005-06-15 at 21:17 -0700, Claus Assmann wrote:
> On Wed, Jun 15, 2005, Andy W. Clements wrote:
> 
> > I'm currently having a problem with setting up STARTTLS with my sendmail
> > on my FreeBSD 5.3 box.  I've used openssl to create the cert and key:
> > 
> > openssl dsaparam 1024 -out dsa1024.pem
> > openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem
> 
> Try an RSA key instead, most systems have problems with DSA
> (sendmail works fine however).
> 


Just thought I would drop a note and say that using RSA instead of DSA
worked.  Thanks Claus!



-- 
Andy Clements
Chief Engineer
C & H Software L.L.C.
[EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: sendmail + STARTTLS w/ evolution = error:1408A0C1

2005-06-15 Thread Claus Assmann
On Wed, Jun 15, 2005, Andy W. Clements wrote:

> I'm currently having a problem with setting up STARTTLS with my sendmail
> on my FreeBSD 5.3 box.  I've used openssl to create the cert and key:
> 
> openssl dsaparam 1024 -out dsa1024.pem
> openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem

Try an RSA key instead, most systems have problems with DSA
(sendmail works fine however).

> Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server:
> 17104:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:887:

Typical indication that the client doesn't support DSA.
You can use ssldump to see what's going on.

> I have no ideas what the error message in the sendmail log is telling
> me, can someone give me a clue what needs to be done?

1. See above.
2. See the source code (the OpenSSL error message kindly provides
that information).


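Claus's point that the client may simply not support DSA can be made concrete by modelling the server's cipher-suite choice. The following is an added example, not code from the thread, from sendmail or from OpenSSL: it maps OpenSSL cipher-suite names to the certificate key type each suite needs and mimics the server's selection, which by default walks the client's list in the client's order and takes the first suite the server also enables and can authenticate with its own certificate. The suite lists are constructed for illustration and are not Evolution's or s_client's actual lists.

```python
"""Why a DSA server certificate yields "no shared cipher" for some clients.

Added example, not code from the thread, sendmail or OpenSSL. It maps
OpenSSL cipher-suite names to the certificate key type each suite needs
and mimics the server's selection: by default OpenSSL walks the client's
list in the client's order and takes the first suite the server also
enables and can authenticate with its own certificate. The suite lists
below are constructed for illustration.
"""
import re


def auth_of(cipher):
    """Certificate key type a suite needs: 'DSA', 'RSA', or 'NONE' (anonymous)."""
    if re.match(r"^(DHE|EDH)-DSS-", cipher):
        return "DSA"            # DSS-signed ephemeral DH needs a DSA cert
    if cipher.startswith("ADH-"):
        return "NONE"           # anonymous DH, no certificate at all
    # DHE-RSA-*, EDH-RSA-* and plain suites such as AES256-SHA or RC4-SHA
    # all require an RSA certificate (RSA signature or RSA key transport).
    return "RSA"


def select_cipher(client_offer, server_enabled, server_key_type,
                  server_preference=False):
    """Return the suite the server would pick, or None ("no shared cipher").

    server_preference=True models SSL_OP_CIPHER_SERVER_PREFERENCE, where the
    server's own order wins instead of the client's.
    """
    first, second = ((server_enabled, client_offer) if server_preference
                     else (client_offer, server_enabled))
    second = set(second)
    for suite in first:
        if suite in second and auth_of(suite) == server_key_type:
            return suite
    return None


# Constructed list standing in for a server (and openssl s_client) using the
# library's default enabled suites of the era: DSS and RSA variants both present.
DEFAULT_SUITES = [
    "DHE-DSS-AES256-SHA", "DHE-RSA-AES256-SHA", "AES256-SHA",
    "DHE-DSS-AES128-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA",
    "EDH-DSS-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA", "DES-CBC3-SHA",
    "RC4-SHA", "RC4-MD5",
]

# Constructed list for a mail client that enables only RSA-authenticated suites.
RSA_ONLY_CLIENT = [
    "AES256-SHA", "DHE-RSA-AES256-SHA", "AES128-SHA",
    "DES-CBC3-SHA", "RC4-SHA", "RC4-MD5",
]


def compare_key_types():
    """Outcome for each (client, server key type) pairing."""
    return {
        ("s_client", "DSA"): select_cipher(DEFAULT_SUITES, DEFAULT_SUITES, "DSA"),
        ("rsa_only", "DSA"): select_cipher(RSA_ONLY_CLIENT, DEFAULT_SUITES, "DSA"),
        ("s_client", "RSA"): select_cipher(DEFAULT_SUITES, DEFAULT_SUITES, "RSA"),
        ("rsa_only", "RSA"): select_cipher(RSA_ONLY_CLIENT, DEFAULT_SUITES, "RSA"),
    }


if __name__ == "__main__":
    for (client, key), suite in compare_key_types().items():
        print(f"{client:9} vs {key} cert -> {suite or 'no shared cipher'}")
```

The model reproduces what the thread shows: a client with DSS suites enabled (s_client) lands on DHE-DSS-AES256-SHA against the DSA certificate, while a client offering only RSA-authenticated suites leaves the server with nothing it can authenticate, which OpenSSL reports as "no shared cipher" from the ClientHello handler. With an RSA certificate every suite in the default list becomes usable, which is why switching the key type fixes the interoperability problem.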

sendmail + STARTTLS w/ evolution = error:1408A0C1

2005-06-15 Thread Andy W. Clements
Hello All,

I'm currently having a problem with setting up STARTTLS with my sendmail
on my FreeBSD 5.3 box.  I've used openssl to create the cert and key:

openssl dsaparam 1024 -out dsa1024.pem
openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem

my version of openssl:
OpenSSL 0.9.7d 17 Mar 2004

I've recompiled sendmail to use ssl and then added the following to my
sendmail.cf:
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl

However, when I attempt to connect the server with evolution, evolution 
gives me an "unable to connect error."

Sendmail logs the following error:

Jun 15 13:53:41 zeppo sm-mta[17104]: j5FKrfYA017104: Milter: no active
filter
Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server, error: accept
failed=-1, SSL_error=1, timedout=0, errno=0
Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server:
17104:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:887:
Jun 15 13:53:41 zeppo sm-mta[17104]: j5FKrfYA017104: [65.125.115.243]
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


When I use the openssl client to connect, I get the following results:

misato.awclemen> openssl s_client -starttls smtp -connect zeppo.candhsoftware.com:25
CONNECTED(0003)
depth=0 /C=US/ST=Arizona/L=Tucson/O=C & H Software
L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Arizona/L=Tucson/O=C & H Software
L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Arizona/L=Tucson/O=C & H Software
L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
   i:/C=US/ST=Arizona/L=Tucson/O=C & H Software
L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body omitted from the archived message]
-----END CERTIFICATE-----
subject=/C=US/ST=Arizona/L=Tucson/O=C & H Software
L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
issuer=/C=US/ST=Arizona/L=Tucson/O=C & H Software
L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
---
Acceptable client certificate CA names
/C=US/ST=Arizona/L=Tucson/O=C & H Software
L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
---
SSL handshake has read 1861 bytes and written 298 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol  : TLSv1
Cipher: DHE-DSS-AES256-SHA
Session-ID:
28239EBE3C499BDD7E00B2F0FE3A7645E65AC135348B8FE6F4990843579F94F7
Session-ID-ctx:
Master-Key:
5651D294B719C6C19FA743A0EE0EC7B1E00F2AD1AD8E70AD072715165690E0AC919193A5148AE24111BCA86433621264
Key-Arg   : None
Start Time: 1118876232
Timeout   : 300 (sec)
Verify return code: 18 (self signed certificate)
---
220 zeppo.candhsoftware.com ESMTP Sendmail 8.13.1/8.13.1; Wed, 15 Jun
2005 15:41:53 -0700 (MST)
helo misato.candhsoftware.com
250 zeppo.candhsoftware.com Hello [65.125.115.243], pleased to meet you
quit
221 2.
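The OpenSSL error string in the sendmail log already names the library, function and reason, which is what Claus's second pointer relies on; the numeric code in front of it carries the same information in packed form. The following is an added example, not part of the thread: it parses sendmail STARTTLS log lines like the ones in this message, unpacks the 8-bit library / 12-bit function / 12-bit reason fields of the hex error code, cross-checks them against the names OpenSSL printed, and attaches a one-line explanation for the pairing seen here. The log sample is assembled from the lines above with the mail-client line wrapping undone; the numeric field names are the OpenSSL header values for just the fields that occur in this thread.

```python
"""Decode OpenSSL error codes from sendmail STARTTLS log lines.

Added example, not part of the thread. OpenSSL packs an error as
0xLLFFFRRR: 8-bit library, 12-bit function, 12-bit reason. The numeric
names below are the values from OpenSSL's err.h/ssl.h for the fields that
appear in this thread; anything else is reported by number only.
"""
import re

# Constructed from the log lines in the original post, with the wrapping
# that the mail client added removed so each record is on one line.
SAMPLE_LOG = """\
Jun 15 13:53:41 zeppo sm-mta[17104]: j5FKrfYA017104: Milter: no active filter
Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server: 17104:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:887:
Jun 15 13:53:41 zeppo sm-mta[17104]: j5FKrfYA017104: [65.125.115.243] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

ACCEPT_LINE = re.compile(
    r"STARTTLS=(?P<role>server|client), error: (?P<op>accept|connect) failed=(?P<rc>-?\d+), "
    r"SSL_error=(?P<ssl_error>\d+)"
)
ERR_LINE = re.compile(
    r"STARTTLS=(?P<role>server|client): \d+:error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

SSL_GET_ERROR = {1: "SSL_ERROR_SSL (library error; see the following error: line)"}
LIB_NAMES = {20: "SSL routines"}              # ERR_LIB_SSL
FUNC_NAMES = {138: "SSL3_GET_CLIENT_HELLO"}   # SSL_F_SSL3_GET_CLIENT_HELLO
REASON_NAMES = {193: "no shared cipher"}      # SSL_R_NO_SHARED_CIPHER
DIAGNOSIS = {
    (138, 193): ("server rejected the ClientHello: none of the offered suites can "
                 "be used with the server certificate's key type"),
}


def unpack(code):
    """Split a packed OpenSSL error code into (library, function, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def diagnose(log_text):
    """Return one finding per STARTTLS error line in the log."""
    findings = []
    pending = None  # SSL_error from the preceding 'accept failed' line
    for line in log_text.splitlines():
        m = ACCEPT_LINE.search(line)
        if m:
            pending = int(m.group("ssl_error"))
            continue
        m = ERR_LINE.search(line)
        if not m:
            continue
        code = int(m.group("code"), 16)
        lib, func, reason = unpack(code)
        decoded = (LIB_NAMES.get(lib), FUNC_NAMES.get(func), REASON_NAMES.get(reason))
        printed = (m.group("lib"), m.group("func"), m.group("reason"))
        findings.append({
            "role": m.group("role"),
            "code": m.group("code").upper(),
            "ssl_error": SSL_GET_ERROR.get(pending, f"SSL_error={pending}"),
            "lib": decoded[0] or f"lib {lib}",
            "func": decoded[1] or f"func {func}",
            "reason": decoded[2] or f"reason {reason}",
            "source": f"{m.group('file')}:{m.group('line')}",
            "consistent": decoded == printed,   # numeric fields agree with the text
            "diagnosis": DIAGNOSIS.get((func, reason), "no canned diagnosis"),
        })
        pending = None
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        for key, value in finding.items():
            print(f"{key:>10}: {value}")
```

For 1408A0C1 the fields unpack to library 20, function 138 and reason 193, which agree with the printed "SSL routines", "SSL3_GET_CLIENT_HELLO" and "no shared cipher"; the source field points at the s3_srvr.c line the message cites, which is where to read the selection logic if the canned diagnosis is not enough.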