[SOLVED] Re: TLS aus Debian-sendmail entfernen

To: debian-user-german@lists.debian.org
Subject: [SOLVED] Re: TLS aus Debian-sendmail entfernen
From: Martin Mewes <mm@mewes.tv>
Date: Mon, 21 Mar 2005 19:28:18 +0100
Message-id: <[🔎] 200503211928.18382.mm@mewes.tv>
In-reply-to: <[🔎] 200503210956.13757.mm@mewes.tv>
References: <[🔎] 200503210919.40238.mm@mewes.tv> <[🔎] 200503210956.13757.mm@mewes.tv>

Hallo,

hat sich alles erledigt.
Das Problem hat nicht mein Server, sondern der entfernte (in diesem Fall 
webmail.hansenet.de) gehabt. Ein HHLUG'ler hat sich des Problems 
angenommen und folgendes heraus gefunden:

dieter@rubin:~> openssl s_client -connect 213.191.73.2:25 -starttls smtp
CONNECTED(00000003)
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to 
https://www.thawte.com/repository/index.html/OU=Thawte SSL123 
certificate/CN=webmail.hansenet.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to 
https://www.thawte.com/repository/index.html/OU=Thawte SSL123 
certificate/CN=webmail.hansenet.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to 
https://www.thawte.com/repository/index.html/OU=Thawte SSL123 
certificate/CN=webmail.hansenet.de
verify error:num=21:unable to verify the first certificate
verify return:1
quit

Im Gegensatz zu

dieter@rubin:~> openssl s_client -connect mail.gmx.net:25 -starttls smtp
CONNECTED(00000003)
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting 
cc/OU=Certification Services Division/CN=Thawte Server 
CA/emailAddress=server-certs@thawte.com
---
Server certificate
-----BEGIN CERTIFICATE-----
[ der Code der Zertifikates ]
-----END CERTIFICATE-----

subject=/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting 
cc/OU=Certification Services Division/CN=Thawte Server 
CA/emailAddress=server-certs@thawte.com
---
No client certificate CA names sent
---
SSL handshake has read 1464 bytes and written 350 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 
82761154B0B758F3E5566E961D6649CB815CE23C91317CE665A191863A6B7FF3
    Session-ID-ctx: 
    Master-Key: 
ED479576316591322B137C97CA64358A98F0B5C911C6D58916E4EA345E1E3A1DD352DFD53FC5DE6B965B3832E143FA37
    Key-Arg   : None
    Start Time: 1111422749
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
220 {mp025} GMX Mailservices ESMTP
quit
221 2.0.0 {mp025} GMX Mailservices
read:errno=0

webmail.hansenet.de präsentiert sein Zertifikat nicht, sondern nur den 
Header, daher kann auch keine verschlüsselte Session gestartet werden.

bis dahin / kind regards

Martin Mewes

-- 
http://webmin.mamemu.de/

Reply to:

References:
- TLS aus Debian-sendmail entfernen
  - From: Martin Mewes <mm@mewes.tv>
- Re: TLS aus Debian-sendmail entfernen
  - From: Martin Mewes <mm@mewes.tv>

Prev by Date: Re: Tabellenrelationen in mysql grafisch darstellen
Next by Date: Repository - Package-Listing
Previous by thread: Re: TLS aus Debian-sendmail entfernen
Next by thread: Tabellenrelationen in mysql grafisch darstellen
Index(es):
- Date
- Thread