[Pkg-openssl-devel] Bug#573748: Bug#573748: libssl0.9.8: unknown message digest algorithm error in postfix
Kurt Roeckx
kurt at roeckx.be
Sun Mar 14 16:35:08 UTC 2010
reassign 573748 postfix
thanks
On Sun, Mar 14, 2010 at 01:04:23PM +0100, Richard van den Berg wrote:
> On 14-3-10 12:31 , Kurt Roeckx wrote:
> >Can you reproduce it using an s_server and s_client?
>
> Nope, that all seems to work just fine. Maybe a starttls works a
> little different than a straight SSL connection? Port 465 of postfix
> works just fine as well.
>
> # openssl s_server -cert /etc/ssl/certs/postfix.pem -CAfile
> /etc/ssl/certs/vdberg.org.ca.pem
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT
> -----BEGIN SSL SESSION PARAMETERS-----
> MHUCAQECAgMBBAIAOQQgHDCxbWFXYH/8JtyGH9/S2nnkTG4wpNZAh13Biab0mRsE
> MLFHd4rP2l5k+JTGo5isIDQw5zMV7M9m996pSTVf0uh8DJLIr1FPF6f7UQXuZyor
> p6EGAgRLnM8IogQCAgEspAYEBAEAAAA=
> -----END SSL SESSION PARAMETERS-----
> Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
> CIPHER is DHE-RSA-AES256-SHA
>
> $ openssl s_client -connect vdberg.org:4433
You're not passing the -CAfile so you get:
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
[...]
> Verify return code: 19 (self signed certificate in certificate chain)
Anyway, I can't see anything wrong with libssl at this time, so
I'm going to reassign this to postfix instead.
Kurt
More information about the Pkg-openssl-devel
mailing list