Re: STARTTLS weirdness in sendmail 8.12.10-1
On Fri, 19 Sep 2003, Marc-Christian Petersen wrote:
> yes, Solution above. Anyway, even after that, TLS does not work any longer. I
> always get "verify=NOT" if I try to send mail with my other clients.
> 8.12.9-latest from SID before 8.12.10-1 works fine.
Ok, a short problem update:
* Server (MTA) not attempting to verify Client (MSP or remote)
in /etc/mail/tls/starttls.m4 change the following line from
define(`confTLS_SRV_OPTIONS', `V')dnl # do not request user certs
to
define(`confTLS_SRV_OPTIONS', `')dnl # do request user certs
* Client (MSP, user) failing to verify Server (MTA)
still looking at this one :(
Sep 19 19:45:03 renegade sendmail[11890]: STARTTLS=client,
relay=localhost.badlands.org., version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 19 19:45:03 renegade sm-mta[11894]: STARTTLS=server, relay=localhost
[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-AES256-SHA, bits=256/256
Now both fail at verification :(
Do note, however, that the communication is still encrypted - but
verification can be used for relay control
--
Rick Nelson
First off - Quake is simply incredible. It lets you repeatedly kill your
boss in the office without being arrested. :)
-- Signal 11, in a slashdot comment
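As an added example, not part of the original message or of sendmail itself, a small Python parser for STARTTLS log lines of the kind quoted above that flags sessions which were encrypted but not verified (the distinction the message ends on). The sample log is constructed from the quoted lines joined back onto single lines; the extra hosts and addresses are made up.

```python
import re
from dataclasses import dataclass

# Constructed sample log, modelled on the lines quoted in the message above
# (syslog writes each STARTTLS record on one line). The last line is a
# non-STARTTLS record to show the parser skipping it.
SAMPLE_LOG = """\
Sep 19 19:45:03 renegade sendmail[11890]: STARTTLS=client, relay=localhost.badlands.org., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 19 19:45:03 renegade sm-mta[11894]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 19 19:46:10 renegade sm-mta[11901]: STARTTLS=server, relay=mail.example.test [192.0.2.10], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 19 19:47:22 renegade sm-mta[11907]: STARTTLS=server, relay=relay.example.test [192.0.2.20], version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 19 19:47:23 renegade sm-mta[11907]: h8JNlMk1011907: from=<user@example.test>, size=512, class=0, nrcpts=1, proto=ESMTP, relay=relay.example.test [192.0.2.20]
"""

# Field order follows the sendmail STARTTLS log record; relay= may contain a
# space ("localhost [127.0.0.1]"), so it is matched lazily up to ", version=".
STARTTLS_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w-]+)\[(?P<pid>\d+)\]: "
    r"STARTTLS=(?P<role>client|server), relay=(?P<relay>.+?), "
    r"version=(?P<version>\S+), verify=(?P<verify>\w+), "
    r"cipher=(?P<cipher>\S+), bits=(?P<bits>\d+)/(?P<maxbits>\d+)$"
)

@dataclass
class StartTlsEvent:
    role: str      # "client" (we connected out) or "server" (peer connected to us)
    relay: str
    verify: str    # OK, NOT (no cert requested), FAIL (cert presented, failed), ...
    cipher: str
    bits: int

def parse_starttls(line):
    """Parse one syslog line; return None for lines that are not STARTTLS records."""
    m = STARTTLS_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return StartTlsEvent(m["role"], m["relay"], m["verify"], m["cipher"], int(m["bits"]))

def unverified_sessions(log_text):
    """Return the STARTTLS sessions that were encrypted but whose peer was not
    verified. Only verify=OK should satisfy a cert-based relay rule; FAIL and
    NOT sessions are still encrypted, as the message notes, but prove nothing
    about who the peer is."""
    events = [e for e in map(parse_starttls, log_text.splitlines()) if e]
    return [e for e in events if e.verify != "OK"]
```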