Date: Mon, 12 Mar 2001 06:42:09 -0500 (EST)
From: "James E. Housley" <housley@thehousleys.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: conf/25734: STARTTLS is enabled by default, but it needs a certificate
Message-ID: <200103121142.f2CBg9D00715@baby.int.thehousleys.net>
>Number: 25734
>Category: conf
>Synopsis: STARTTLS is enabled by default, but it needs a certificate
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 12 03:50:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: James E. Housley
>Release: FreeBSD 4.3-BETA i386
>Organization:
The Housleys dot Net
>Environment:
System: FreeBSD baby.int.thehousleys.net 4.3-BETA FreeBSD 4.3-BETA #5: Sat Mar 10 12:32:28 EST 2001 root@cat.int.thehousleys.net:/mnt3/obj/usr/src/sys/BABYKERNEL i386
>Description:
When adding SASL support to sendmail for SMTP AUTH, STARTTLS
becomes active with the current configuration. STARTTLS needs
either an OpenSSL-generated certificate or one from an issuing
authority. The first causes warnings about an unknown issuer and the
second costs more than an average user has to spend.
However, STARTTLS is not needed for SMTP AUTH to operate. And
the attached patch fixes this.
>How-To-Repeat:
>Fix:
Index: usr.sbin/sendmail/Makefile
===================================================================
RCS file: /usr/home/FREEBSD_CVS/src/usr.sbin/sendmail/Makefile,v
retrieving revision 1.15.2.10
diff -u -r1.15.2.10 Makefile
--- usr.sbin/sendmail/Makefile 2001/03/06 01:56:47 1.15.2.10
+++ usr.sbin/sendmail/Makefile 2001/03/12 11:25:47
@@ -50,7 +50,6 @@
!defined(NO_OPENSSL) && !defined(RELEASE_CRUNCH)
# STARTTLS support
DISTRIBUTION= crypto
-CFLAGS+= -DSTARTTLS -D_FFR_TLS_O_T -D_FFR_TLS_1 -D_FFR_TLS_TOREK
LDADD+= -lssl -lcrypto
DPADD+= ${LIBSSL} ${LIBCRYPTO}
.endif
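Review bot: After the -DSTARTTLS line is dropped, the rest of this conditional block still sets DISTRIBUTION= crypto and still adds -lssl -lcrypto to LDADD and ${LIBSSL} ${LIBCRYPTO} to DPADD, so sendmail is linked against OpenSSL and placed in the crypto distribution even though no TLS code is compiled in by default. If the link lines are kept on purpose so that the make.conf opt-in from the second hunk works without further settings, say so in a comment and reword "# STARTTLS support", which no longer describes what the block does. Otherwise gate the whole block on an explicit knob so that the define and the libraries are enabled together.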
Index: etc/defaults/make.conf
===================================================================
RCS file: /usr/home/FREEBSD_CVS/src/etc/defaults/make.conf,v
retrieving revision 1.97.2.43
diff -u -r1.97.2.43 make.conf
--- etc/defaults/make.conf 2001/03/10 03:34:21 1.97.2.43
+++ etc/defaults/make.conf 2001/03/12 11:29:17
@@ -355,6 +355,12 @@
# SENDMAIL_LDFLAGS=-L/usr/local/lib
# SENDMAIL_LDADD=-lsasl
#
+# With SASL support you can enable STARTTLS with the following flags:
+#
+# SENDMAIL_CFLAGS+=-DSTARTTLS -D_FFR_TLS_O_T -D_FFR_TLS_1 -D_FFR_TLS_TOREK
+#
+# Note: STARTTLS needs a SSL certificate to function.
+#
# Note: If you are using Cyrus SASL with other applications which require
# access to the sasldb file, you should add '-D_FFR_UNSAFE_SASL' to
# SENDMAIL_CFLAGS. Also, add the following to your sendmail.mc file:
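Review bot: The added comment opens with "With SASL support you can enable STARTTLS", which reads as if STARTTLS depended on SASL, while the Makefile block it replaces was conditioned only on NO_OPENSSL and RELEASE_CRUNCH. Reword it to describe STARTTLS as a separate option, and move it out of the SASL paragraph: as placed, it sits between the SENDMAIL_LDADD=-lsasl example and the "If you are using Cyrus SASL" note and splits them. The example uses "SENDMAIL_CFLAGS+=" where the neighbouring examples use plain "=", which is worth making consistent or explaining, and "a SSL certificate" should be "an SSL certificate". Since this comment becomes the only place the option is documented, it would also help to state that the certificate has to be configured in sendmail before STARTTLS is offered.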
>Release-Note:
>Audit-Trail:
>Unformatted:
