Thorsten Habich:
> If I remember correctly the certificate verification with connection
> reuse (so the tlsproxy gets involved) was fixed with:
>
> 20200620
>
> ??? Bugfix (introduced: Postfix 3.4): SMTP over TLS connection
> ??? reuse was broken for configurations that use explicit trust
> ???
On Thu, Aug 20, 2020 at 04:59:49PM +0300, Thorsten Habich wrote:
> > - Do FAILURES happen ONLY after a session is RESUMED.
>
> Sorry, no. The first connection decides if the problem occurs or not.
> If the session is resumed the error only occurs *if the first
> connection failed*.
Thanks for
On 8/20/2020 2:38 PM, Wietse Venema wrote:
> Thorsten Habich:
>> On 8/19/2020 4:31 PM, Viktor Dukhovni wrote:
>>> Do *resumed* sessions always fail to validate? Or is that intermittent?
>> As far as I could see resumed sessions that failed keep failing
> That's not what he asked.
>
> What he
On 8/20/2020 2:38 PM, Wietse Venema wrote:
> Thorsten Habich:
>> On 8/19/2020 4:31 PM, Viktor Dukhovni wrote:
>>> Do *resumed* sessions always fail to validate? Or is that intermittent?
>> As far as I could see resumed sessions that failed keep failing
> That's not what he asked.
>
> What he
Thorsten Habich:
>
> On 8/19/2020 4:31 PM, Viktor Dukhovni wrote:
> >
> > Do *resumed* sessions always fail to validate? Or is that intermittent?
>
> As far as I could see resumed sessions that failed keep failing
That's not what he asked.
What he asked is:
- Do FAILURES happen ONLY after a
On 8/19/2020 4:31 PM, Viktor Dukhovni wrote:
>
> Do *resumed* sessions always fail to validate? Or is that intermittent?
As far as I could see resumed sessions that failed keep failing
(probably until the session cache expires) but I had to restart the
Postfix most times before that happened.
On Wed, Aug 19, 2020 at 10:52:20AM +0300, Thorsten Habich wrote:
> > > the certificate verification with TA file option still occasionally fails:
> > How is the use of a TA file relevant here?
>
> It only happens with the domains configured with TA file option.
Do *resumed* sessions always fail
On 8/14/2020 8:22 PM, Viktor Dukhovni wrote:
> On Fri, Aug 14, 2020 at 02:30:03PM +0300, Thorsten Habich wrote:
>
>> the certificate verification with TA file option still occasionally fails:
> How is the use of a TA file relevant here?
It only happens with the domains configured with TA file
On Fri, Aug 14, 2020 at 02:30:03PM +0300, Thorsten Habich wrote:
> the certificate verification with TA file option still occasionally fails:
How is the use of a TA file relevant here?
> 2020-08-13T07:39:39.007186+02:00 server postfix/tlsproxy[47119]:
> certificate verification failed for
Thorsten Habich:
> Hello,
>
> the certificate verification with TA file option still occasionally fails:
>
> 2020-08-13T07:39:39.007186+02:00 server postfix/tlsproxy[47119]:
> certificate verification failed for remote.domain.tld[10.11.12.13]:25:
> untrusted issuer /C=PL/O=Unizeto Sp. z
Hello,
the certificate verification with TA file option still occasionally fails:
2020-08-13T07:39:39.007186+02:00 server postfix/tlsproxy[47119]:
certificate verification failed for remote.domain.tld[10.11.12.13]:25:
untrusted issuer /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
Hello,
the certificate verification with TA file option still occasionally fails:
2020-08-13T07:39:39.007186+02:00 server postfix/tlsproxy[47119]:
certificate verification failed for remote.domain.tld[10.11.12.13]:25:
untrusted issuer /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
Thorsten Habich:
>
> On 6/20/2020 10:15 PM, Wietse Venema wrote:
> > diff '--exclude=man' '--exclude=html' '--exclude=README_FILES'
> > '--exclude=INSTALL' '--exclude=.indent.pro' -r -ur
> > /var/tmp/postfix-3.6-20200610/src/tlsproxy/tlsproxy.c
> > src/tlsproxy/tlsproxy.c
> > ---
Thorsten Habich:
> I increased the log level. Looks like the correct certificate was found
> in the tafile
>
> 2020-06-20T09:38:18.632247+02:00 servername postfix/tlsproxy[17324]:
> mail.somedomain.net[10.11.12.13]:25: depth=1 matched trust anchor
> certificate sha512 digest
>
14 matches
Mail list logo