
Re: STARTTLS weirdness in sendmail 8.12.10-1



On Fri, 19 Sep 2003, Marc-Christian Petersen wrote:

> Yes, solution above. Anyway, even after that, TLS does not work any longer. I
> always get "verify=NOT" if I try to send mail with my other clients.
> 8.12.9-latest from SID before 8.12.10-1 works fine.

Ok, a short problem update:
	* Server (MTA) not attempting to verify Client (MSP or remote)
	  in /etc/mail/tls/starttls.m4 change the following line from
define(`confTLS_SRV_OPTIONS', `V')dnl          # do not request user certs
	to
define(`confTLS_SRV_OPTIONS', `')dnl           # do request user certs

	* Client (MSP, user) failing to verify Server (MTA)
	  still looking at this one :(
Sep 19 19:45:03 renegade sendmail[11890]: STARTTLS=client,
relay=localhost.badlands.org., version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 19 19:45:03 renegade sm-mta[11894]: STARTTLS=server, relay=localhost
[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-AES256-SHA, bits=256/256

	Now both fail at verification :(

Do note, however, that the communication is still encrypted - but
verification can be used for relay control.
-- 
Rick Nelson
First off - Quake is simply incredible. It lets you repeatedly kill your
boss in the office without being arrested. :)
        -- Signal 11, in a slashdot comment
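
The log lines in the message above, as an added example that is not part of the original post: a small parser that pulls the verify= result out of sendmail STARTTLS syslog entries and lists sessions that were encrypted but not authenticated. The function names, the last two sample lines and the host client.example.org are constructed for illustration.

```python
import re
from collections import Counter

# ${verify} values as described in the sendmail operations guide.
VERIFY_MEANING = {
    "OK": "peer certificate verified",
    "NO": "no certificate presented",
    "NOT": "no certificate requested",
    "FAIL": "certificate presented but could not be verified",
}
LINE_RE = re.compile(
    r"(?P<prog>[\w-]+)\[(?P<pid>\d+)\]: STARTTLS=(?P<role>client|server), "
    r"relay=(?P<relay>.*?), version=(?P<version>[^,]+), "
    r"verify=(?P<verify>\w+), cipher=(?P<cipher>[^,]+), "
    r"bits=(?P<bits>\d+)/(?P<max>\d+)"
)

def parse_starttls(line):
    """Return the fields of one STARTTLS log line, or None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["encrypted"] = int(rec["bits"]) > 0        # a cipher was negotiated
    rec["authenticated"] = rec["verify"] == "OK"   # peer cert was verified
    return rec

def summarize(lines):
    """Count (role, verify) pairs; collect encrypted-but-unverified sessions."""
    counts, unverified = Counter(), []
    for rec in filter(None, map(parse_starttls, lines)):
        counts[(rec["role"], rec["verify"])] += 1
        if rec["encrypted"] and not rec["authenticated"]:
            unverified.append(rec)
    return counts, unverified

TLS = ", version=TLSv1/SSLv3, verify=%s, cipher=DHE-RSA-AES256-SHA, bits=256/256"
SAMPLE = [  # first two: from the message, re-joined; last two: constructed
    "Sep 19 19:45:03 renegade sendmail[11890]: STARTTLS=client, "
    "relay=localhost.badlands.org." + TLS % "FAIL",
    "Sep 19 19:45:03 renegade sm-mta[11894]: STARTTLS=server, "
    "relay=localhost [127.0.0.1]" + TLS % "FAIL",
    "Sep 19 19:46:10 renegade sm-mta[11901]: STARTTLS=server, "
    "relay=client.example.org [192.0.2.10]" + TLS % "NOT",
    "Sep 19 19:46:11 renegade sm-mta[11901]: constructed non-TLS line",
]

if __name__ == "__main__":
    for r in summarize(SAMPLE)[1]:
        print(r["role"], r["relay"], r["verify"], VERIFY_MEANING.get(r["verify"]))
```
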