Date: Mon, 28 Nov 2016 10:35:55 -0800 From: Gregory Shapiro <gshapiro@freebsd.org> To: George Mitchell <george+freebsd@m5p.com> Cc: freebsd-hackers@FreeBSD.org Subject: Re: Sendmail and STARTTLS Message-ID: <20161128183554.GA6716@c02pp3c3fvh8.corp.proofpoint.com> In-Reply-To: <f4ee7a4c-8b8c-2542-20ba-7ef0a42313fa@m5p.com> References: <f4ee7a4c-8b8c-2542-20ba-7ef0a42313fa@m5p.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Received: from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116])
> by mailhost.m5p.com (8.15.2/8.15.2) with ESMTPS id uARD0t70051256
> (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
> for <george+freebsd@m5p.com>; Sun, 27 Nov 2016 08:01:01 -0500 (EST)
> (envelope-from owner-freebsd-hackers@freebsd.org)
>
> (When I used the default values, ssl-tools accused me of using a
> weak protocol, so I started experimenting with values gleaned from
> around the net, to no avail so far.)
>
> What am I doing wrong? How can I enter VERIFY=YES nirvana? -- George
Verification is via these settings. You'll need a populated set of root certificates in the directory you pick.
M4 Variable Name Configuration [Default] & Description
================ ============= =======================
confCACERT_PATH CACertPath [undefined] Path to directory with
certificates of CAs which must contain
their hashes as filenames or links.
confCACERT CACertFile [undefined] File containing at least
one CA certificate.
Finally, review section 6.6.1 of op.me:
% gunzip -c /usr/share/doc/smm/08.sendmailop/paper.ascii.gz | less
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161128183554.GA6716>