Re: ssl handshake problem with bugs.debian.org?
Harald Dunkel <harald.dunkel@aixigo.com> wrote:
> On 2020-07-27 11:17, Sven Hartge wrote:
>> Debian uses their own CA to sign this certificate, which is fine for
>> SMTP, which normally only uses opportunistic encryption.
>>
>> But if the client SMTP-Server is set to *verify* the certificate, it
>> will fail.
> Certificate verification is optional on my MTA. See the log file.
> AFAICT it ignored the failed certificate check and continued with the
> ssl handshake. *Then* it failed.
Right.
> It would be interesting to know whats written in the log files on
> buxtehude. Are there other similar incidents?
Does your MTA present a client certificate? Maybe buxtehude does not
like that?
When diagnosing SSL errors I also find it helpful to wireshark the
connection to see which side exactly triggers the SSL Alert. That may
help highlight the culprit here.
Grüße,
Sven.
--
Sigmentation fault. Core dumped.
Reply to: