Message-ID: <7c35d115-905c-4667-8675-54563ea39b82@FreeBSD.org>
Date: Mon, 30 Oct 2023 09:48:33 +0100
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
Subject: Re: git: e11bc4726338 - main - mail/opensmtpd: Use the correct OpenSSL idiom to load the trust store.
To: ports-committers@FreeBSD.org, Dag-Erling Smørgrav
Cc: dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
References: <202310270916.39R9GnN5059370@gitrepo.freebsd.org>
From: Michael Osipov

On 2023-10-30 08:38, Pietro Cerutti wrote:
> On Oct 27 2023, 09:16 UTC, Dag-Erling Smørgrav wrote:
>> The branch main has been updated by des:
>>
>> URL: https://cgit.FreeBSD.org/ports/commit/?id=e11bc472633868a658ecbb8176b2b3ede4ae6e0d
>>
>> commit e11bc472633868a658ecbb8176b2b3ede4ae6e0d
>> Author:     Dag-Erling Smørgrav
>> AuthorDate: 2023-10-27 09:16:29 +0000
>> Commit:     Dag-Erling Smørgrav
>> CommitDate: 2023-10-27 09:16:43 +0000
>>
>>     mail/opensmtpd: Use the correct OpenSSL idiom to load the trust store.
>>
>>     Fixes:          bde578cbfcf9
>>     PR:             274322
>>     MFH:            2023Q4
>>     Approved by:    fluffy
>>     Differential Revision:  https://reviews.freebsd.org/D42123
>
> Hi, thanks for working on this. I thought this would be enough to run
> OpenSMTPD without ca_root_nss, but apparently that is not the case:
>
> I upgraded to 7.3.0_2,1, removed ca_root_nss, restarted smtpd, and got
>
> tls_config_set_ca_file: failed to open CA file '/etc/ssl/cert.pem': No such file or directory

Looking at:
https://github.com/search?q=repo%3AOpenSMTPD%2FOpenSMTPD%20tls_default_ca_cert_file&type=code

My assessment is that the code is logically wrong. It assumes that
tls_default_ca_cert_file() always returns an existing file. I would
expect that the caller tests for existence or the function returns NULL
if the file does not exist. For my taste, there are too many assumptions
here.

Please do "touch ..." and see whether this works until the issue is
fully resolved.

M
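A sketch of the caller-side existence test suggested in the reply above, as an added example that is not code from OpenSMTPD, libtls or anyone in this thread. The helper names and the fallback path are hypothetical; in a real caller the argument would be the value returned by tls_default_ca_cert_file(), and the example uses only POSIX calls so it builds without libtls.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical helper, not an OpenSMTPD or libtls function: return `path` if
 * it can be opened for reading and is a regular file, else NULL with errno
 * set. The TLS library re-opens the path later, so this check provides a
 * clear diagnostic; it does not guarantee that the later open succeeds.
 */
const char *usable_ca_file(const char *path)
{
	struct stat sb;
	int fd, rc, saved;

	if (path == NULL) {
		errno = EINVAL;
		return NULL;
	}
	if ((fd = open(path, O_RDONLY | O_NONBLOCK)) == -1)
		return NULL;		/* errno from open(), e.g. ENOENT */
	rc = fstat(fd, &sb);		/* inspect the object actually opened */
	saved = errno;
	close(fd);
	if (rc == -1 || !S_ISREG(sb.st_mode)) {
		errno = (rc == -1) ? saved : EINVAL;
		return NULL;
	}
	return path;
}

/* First usable entry of a candidate list, or NULL if none can be used. */
const char *first_usable_ca_file(const char *const *candidates, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (usable_ca_file(candidates[i]) != NULL)
			return candidates[i];
	return NULL;
}

int main(void)
{
	/* Constructed list: the path from the error above, then a placeholder. */
	const char *const c[] = { "/etc/ssl/cert.pem", "/path/to/fallback-ca.pem" };
	const char *ca = first_usable_ca_file(c, 2);
	printf("%s\n", ca != NULL ? ca : "no usable CA file");
	return 0;
}
```

An empty file passes this check, because it only tests that the path opens as a regular file.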