Re: STARTTLS wierdness in sendmail 8.12.10-1
On Fri, 19 Sep 2003, Marc-Christian Petersen wrote:
> > so, if you get a FAIL message, please check your expiration dates!
> > #openssl x509 -in /etc/mail/tls/sendmail-{server,client}.crt -enddate
>
> that was my first try after I saw "verify=NOT" and it does not help at all, at
> least not for me. My certificates are valid until January 2004!
This might be of assistance:
    The result of the verification of the presented
    cert; only defined after STARTTLS has been used.
    Possible values are:

    OK        verification succeeded.
    NO        no cert presented.
    NOT       no cert requested.
    FAIL      cert presented but could not be verified,
              e.g., the signing CA is missing.
    NONE      STARTTLS has not been performed.
    TEMP      temporary error occurred.
    PROTOCOL  some protocol error occurred.
    SOFTWARE  STARTTLS handshake failed,
              which is a fatal error for this session,
              the e-mail will be queued.

So, if you're still getting verify=NOT, sendmail isn't asking for
a certificate to verify!
1) remove the V from confTLS_SRV_OPTIONS in /etc/mail/tls/starttls.m4
2) rebuild sendmail.cf
3) restart sendmail
--
Rick Nelson
<Knghtbrd> hardcopy is for wussies
<Topher> computer program listings....next, on HardCopy
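
An added example, not part of the original message and not sendmail's own code: a small triage script that pulls the verify= value out of STARTTLS entries in the mail log and attaches the meaning from the list above, plus the checks this thread suggests for NOT and FAIL. The log lines are constructed samples; the hostnames, addresses and function names are assumptions.

```python
import re
from collections import Counter

# Meanings as listed in the message above.
MEANING = {
    "OK": "verification succeeded", "NO": "no cert presented",
    "NOT": "no cert requested", "FAIL": "cert presented but could not be verified",
    "NONE": "STARTTLS has not been performed", "TEMP": "temporary error occurred",
    "PROTOCOL": "some protocol error occurred", "SOFTWARE": "STARTTLS handshake failed",
}
# STARTTLS summary entry in the mail log; the relay field may contain spaces.
STARTTLS_RE = re.compile(r"STARTTLS=(?P<role>server|client), relay=(?P<relay>.*?), "
                         r"version=[^,]+, verify=(?P<verify>[A-Z]+)")

# Constructed sample log lines (hosts and addresses are placeholders).
SAMPLE_LOG = [
    "Sep 19 10:01:02 mx sendmail[1234]: STARTTLS=server, relay=client.example.org "
    "[192.0.2.10], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Sep 19 10:02:10 mx sendmail[1240]: STARTTLS=client, relay=mx.example.net., "
    "version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Sep 19 10:03:00 mx sendmail[1250]: STARTTLS=server, relay=peer.example.com "
    "[192.0.2.20], version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Sep 19 10:04:00 mx sendmail[1250]: h8JA40xx001250: from=<a@example.org>, size=812",
]

def parse_starttls(line):
    """Return role, relay and verify for a STARTTLS entry, or None for other lines."""
    m = STARTTLS_RE.search(line)
    return m.groupdict() if m else None

def triage(lines):
    """Count (role, verify) pairs and list every session that did not verify OK."""
    counts, findings = Counter(), []
    for line in lines:
        rec = parse_starttls(line)
        if rec is None:
            continue
        role, verify = rec["role"], rec["verify"]
        counts[(role, verify)] += 1
        if verify == "OK":
            continue
        note = MEANING.get(verify, "value not in the list above")
        if role == "server" and verify == "NOT":
            note += "; check for V in confTLS_SRV_OPTIONS"
        elif verify == "FAIL":
            note += "; check the signing CA and the cert -enddate"
        findings.append((role, rec["relay"], verify, note))
    return counts, findings

if __name__ == "__main__":
    for role, relay, verify, note in triage(SAMPLE_LOG)[1]:
        print(f"{role:6} {relay}: verify={verify} ({note})")
```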