Your message dated Fri, 10 Jul 2015 14:01:09 +0200 with message-id <559FB405.3090100@debian.org> and subject line Re: sendmail-bin: does not load all signature algorithms for TLS has caused the Debian Bug report #579563, regarding sendmail-bin: does not load all signature algorithms for TLS to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 579563: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579563 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: sendmail-bin: does not load all signature algorithms for TLS
- From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
- Date: Wed, 28 Apr 2010 16:49:09 +0000
- Message-id: <20100428164908.GA893@crustytoothpaste.ath.cx>
Package: sendmail-bin Version: 8.14.3-9.1 Severity: important Sendmail logs the following: Apr 28 03:02:04 castro sm-mta[3225]: NOQUEUE: connect from localhost [127.0.0.1] Apr 28 03:02:04 castro sm-mta[3225]: o3S324GI003225: Milter (mimedefang): init success to negotiate Apr 28 03:02:04 castro sm-mta[3225]: o3S324GI003225: Milter: connect to filters Apr 28 03:02:04 castro sendmail[3224]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS=read: 3225:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146: Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS: read error=generic SSL error (-1), errno=11, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=1 This appears to be because the certificate used for localhost uses sha512 as a message digest. Sendmail does not call OpenSSL_add_all_algorithms(), which causes OpenSSL not to find the relevant algorithms. You can see the relevant OpenSSL bug report at <http://rt.openssl.org/Ticket/Display.html?id=2197&user=guest&pass=guest>. Sendmail should probably call OpenSSL_add_all_algorithms(). -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187Attachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: 579563-done@bugs.debian.org
- Subject: Re: sendmail-bin: does not load all signature algorithms for TLS
- From: Andreas Beckmann <anbe@debian.org>
- Date: Fri, 10 Jul 2015 14:01:09 +0200
- Message-id: <559FB405.3090100@debian.org>
- In-reply-to: <20100428164908.GA893@crustytoothpaste.ath.cx>
- References: <20100428164908.GA893@crustytoothpaste.ath.cx> <20100428164908.GA893@crustytoothpaste.ath.cx>
Version: 8.14.8-1 On Wed, 28 Apr 2010 16:49:09 +0000 "brian m. carlson" <sandals@crustytoothpaste.ath.cx> wrote: > Sendmail should probably call OpenSSL_add_all_algorithms(). This has been fixed upstream in 8.14.8. Andreas
--- End Message ---