[SOLVED] Re: Howto delete TLS out of Debian-sendmail?



Hi all,

the problem did not reside in my server, but in one particular remote 
one (webmail.hansenet.de). A friend of our local LUG in Hamburg told me 
this ...

dieter@rubin:~> openssl s_client -connect 213.191.73.2:25 -starttls smtp
CONNECTED(00000003)
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/CN=webmail.hansenet.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/CN=webmail.hansenet.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/CN=webmail.hansenet.de
verify error:num=21:unable to verify the first certificate
verify return:1
quit

In contrast to

dieter@rubin:~> openssl s_client -connect mail.gmx.net:25 -starttls smtp
CONNECTED(00000003)
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com
---
Server certificate
-----BEGIN CERTIFICATE-----
[ Code of the certificate ]
-----END CERTIFICATE-----

subject=/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com
---
No client certificate CA names sent
---
SSL handshake has read 1464 bytes and written 350 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 82761154B0B758F3E5566E961D6649CB815CE23C91317CE665A191863A6B7FF3
    Session-ID-ctx: 
    Master-Key: ED479576316591322B137C97CA64358A98F0B5C911C6D58916E4EA345E1E3A1DD352DFD53FC5DE6B965B3832E143FA37
    Key-Arg   : None
    Start Time: 1111422749
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
220 {mp025} GMX Mailservices ESMTP
quit
221 2.0.0 {mp025} GMX Mailservices
read:errno=0

webmail.hansenet.de does not show the certificate, but only the header. 
That's why an SSL session cannot be started.

Until then / kind regards

Martin Mewes

-- 
http://webmin.mamemu.de/
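
Added example, not part of the original post: both transcripts above carry the same three verify errors, so what separates them is whether the certificate dump, the handshake summary and the final verify code ever appear. The function below reads s_client output on stdin and reports that; classify_starttls and the SAMPLE_* transcripts are hypothetical names, and the samples are constructed, abbreviated from the two sessions in the post.

```shell
#!/bin/sh
# Feed it: openssl s_client -connect HOST:25 -starttls smtp </dev/null 2>&1
classify_starttls() {
    awk '
        /^verify error:num=/ {
            # "verify error:num=20:text" splits into: verify error, num, 20, text
            split($0, f, /[=:]/)
            if (!(f[3] in seen)) {
                seen[f[3]] = 1
                sep = (codes == "") ? "" : ","
                codes = codes sep f[3]
            }
        }
        /^-----BEGIN CERTIFICATE-----/ { cert = 1 }       # server certificate was dumped
        /^SSL handshake has read/      { handshake = 1 }  # handshake summary was printed
        /Verify return code:/          { vrc = $4 }       # final result in the session block
        END {
            state = (cert && handshake && vrc != "") ? "complete" : "incomplete"
            printf "handshake=%s verify_errors=%s final_verify=%s\n", state,
                   (codes == "" ? "none" : codes), (vrc == "" ? "none" : vrc)
        }
    '
}

# Constructed sample: verify callbacks only, then nothing (first session in the post).
SAMPLE_INCOMPLETE='CONNECTED(00000003)
verify error:num=20:unable to get local issuer certificate
verify return:1
verify error:num=27:certificate not trusted
verify return:1
verify error:num=21:unable to verify the first certificate
verify return:1'

# Constructed sample: same verify errors, but the session is established (second session).
SAMPLE_COMPLETE="$SAMPLE_INCOMPLETE"'
---
Server certificate
-----BEGIN CERTIFICATE-----
[ Code of the certificate ]
-----END CERTIFICATE-----
---
SSL handshake has read 1464 bytes and written 350 bytes
    Verify return code: 21 (unable to verify the first certificate)
---
220 {mp025} GMX Mailservices ESMTP'

printf '%s\n' "$SAMPLE_INCOMPLETE" | classify_starttls
printf '%s\n' "$SAMPLE_COMPLETE"   | classify_starttls
```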


