From owner-freebsd-bugs Mon Mar 12 3:50:10 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 04FF537B719 for ; Mon, 12 Mar 2001 03:50:02 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f2CBo1L02189; Mon, 12 Mar 2001 03:50:01 -0800 (PST) (envelope-from gnats)
Received: from thehousleys.net (frenchknot.ne.mediaone.net [24.147.224.201]) by hub.freebsd.org (Postfix) with ESMTP id 0E5B637B718 for ; Mon, 12 Mar 2001 03:42:23 -0800 (PST) (envelope-from housley@thehousleys.net)
Received: (from root@localhost) by thehousleys.net (8.11.3/8.11.2) id f2CBgBn43687 for freebsd-gnats-submit@freebsd.org; Mon, 12 Mar 2001 06:42:11 -0500 (EST) (envelope-from housley@baby.int.thehousleys.net)
Received: from baby.int.thehousleys.net (baby.ipv6.thehousleys.net [3ffe:1ce3:6:0:260:8ff:fea3:7fb2]) by thehousleys.net (8.11.3/8.11.3) with ESMTP id f2CBg9g43679 for ; Mon, 12 Mar 2001 06:42:09 -0500 (EST) (envelope-from housley@baby.int.thehousleys.net)
Received: (from housley@localhost) by baby.int.thehousleys.net (8.11.3/8.11.3) id f2CBg9D00715; Mon, 12 Mar 2001 06:42:09 -0500 (EST) (envelope-from housley)
Message-Id: <200103121142.f2CBg9D00715@baby.int.thehousleys.net>
Date: Mon, 12 Mar 2001 06:42:09 -0500 (EST)
From: "James E. Housley"
Reply-To: housley@thehousleys.net
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: conf/25734: STARTTLS is enabled by default, but it needs a certificate
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 25734
>Category: conf
>Synopsis: STARTTLS is enabled by default, but it needs a certificate
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 12 03:50:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: James E. Housley
>Release: FreeBSD 4.3-BETA i386
>Organization: The Housleys dot Net
>Environment:
System: FreeBSD baby.int.thehousleys.net 4.3-BETA FreeBSD 4.3-BETA #5: Sat Mar 10 12:32:28 EST 2001 root@cat.int.thehousleys.net:/mnt3/obj/usr/src/sys/BABYKERNEL i386
>Description:
When adding SASL support to sendmail for SMTP AUTH, STARTTLS becomes active with the current configuration. STARTTLS needs either an OpenSSL-generated certificate or one from an issuing authority. The first causes a warning about an unknown issuer and the second costs more than an average user has to spend. However, STARTTLS is not needed for SMTP AUTH to operate. And the attached patch fixes this.
>How-To-Repeat:
>Fix:
Index: usr.sbin/sendmail/Makefile =================================================================== RCS file: /usr/home/FREEBSD_CVS/src/usr.sbin/sendmail/Makefile,v retrieving revision 1.15.2.10 diff -u -r1.15.2.10 Makefile --- usr.sbin/sendmail/Makefile 2001/03/06 01:56:47 1.15.2.10 +++ usr.sbin/sendmail/Makefile 2001/03/12 11:25:47 
@@ -50,7 +50,6 @@ !defined(NO_OPENSSL) && !defined(RELEASE_CRUNCH) # STARTTLS support DISTRIBUTION= crypto -CFLAGS+= -DSTARTTLS -D_FFR_TLS_O_T -D_FFR_TLS_1 -D_FFR_TLS_TOREK LDADD+= -lssl -lcrypto DPADD+= ${LIBSSL} ${LIBCRYPTO} .endif Index: etc/defaults/make.conf =================================================================== RCS file: /usr/home/FREEBSD_CVS/src/etc/defaults/make.conf,v retrieving revision 1.97.2.43 diff -u -r1.97.2.43 make.conf --- etc/defaults/make.conf 2001/03/10 03:34:21 1.97.2.43 +++ etc/defaults/make.conf 2001/03/12 11:29:17 @@ -355,6 +355,12 @@ # SENDMAIL_LDFLAGS=-L/usr/local/lib # SENDMAIL_LDADD=-lsasl # +# With SASL support you can enable STARTTLS with the following flags: +# +# SENDMAIL_CFLAGS+=-DSTARTTLS -D_FFR_TLS_O_T -D_FFR_TLS_1 -D_FFR_TLS_TOREK +# +# Note: STARTTLS needs a SSL certificate to function. +# # Note: If you are using Cyrus SASL with other applications which require # access to the sasldb file, you should add '-D_FFR_UNSAFE_SASL' to # SENDMAIL_CFLAGS. Also, add the following to your sendmail.mc file: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
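Review bot: In the usr.sbin/sendmail/Makefile hunk, removing only the `CFLAGS+= -DSTARTTLS ...` line leaves `DISTRIBUTION= crypto`, `LDADD+= -lssl -lcrypto` and `DPADD+= ${LIBSSL} ${LIBCRYPTO}` in place under the `# STARTTLS support` conditional, so the default sendmail still links libssl and libcrypto and is still placed in the crypto distribution while no TLS code is compiled in. Either drop those lines too and document what an admin must add to opt in, or keep the block whole and gate it on a single opt-in knob. Because this flips STARTTLS from on by default to off by default, the commit message should also state that SMTP AUTH then runs over an unencrypted session unless the admin re-enables it.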
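Review bot: In the etc/defaults/make.conf hunk, the added comment ties STARTTLS to SASL ("With SASL support you can enable STARTTLS"), but the Makefile block that supplies `-lssl -lcrypto` is conditional on `!defined(NO_OPENSSL) && !defined(RELEASE_CRUNCH)`, not on SASL. Reword it to say the flags require an OpenSSL build, since setting `SENDMAIL_CFLAGS+=-DSTARTTLS ...` with NO_OPENSSL defined would compile the TLS code without the libraries it needs at link time. "a SSL certificate" should read "an SSL certificate", and the note would help more if it said where the certificate has to be configured rather than only that one is needed.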