From owner-freebsd-current@FreeBSD.ORG Fri Oct 22 09:31:19 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 02CB816A4CE for ; Fri, 22 Oct 2004 09:31:19 +0000 (GMT) Received: from box7954.elkhouse.de (box7954.elkhouse.de [213.9.79.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 69C8D43D31 for ; Fri, 22 Oct 2004 09:31:18 +0000 (GMT) (envelope-from roman@ontographics.com) Received: from [192.168.1.3] (1Cust147.vr2.fft4.alter.net [149.229.88.147]) (authenticated bits=0) by box7954.elkhouse.de (8.13.1/8.12.9) with ESMTP id i9M9XUkA087646 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 22 Oct 2004 11:33:31 +0200 (CEST) (envelope-from roman@ontographics.com) From: Roman Kennke To: Doug White In-Reply-To: <20041021183638.B41366@carver.gumbysoft.com> References: <1098367360.2123.8.camel@moonlight> <20041021183638.B41366@carver.gumbysoft.com> Content-Type: text/plain Message-Id: <1098437474.669.0.camel@moonlight> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Fri, 22 Oct 2004 11:31:14 +0200 Content-Transfer-Encoding: 7bit cc: freebsd-current@freebsd.org Subject: Re: OpenSSL and Sendmail X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Oct 2004 09:31:19 -0000 Am Fr, den 22.10.2004 schrieb Doug White um 3:38: > On Thu, 21 Oct 2004, Roman Kennke wrote: > > > since I upgraded to 5.3-RC1 (from 5.2.1) I have a problem with OpenSSL > > and Sendmail. > > > > I configured sendmail as described here: > > > > http://www.puresimplicity.net/~hemi/freebsd/sendmail.html > > > > This worked fine with 5.2.1 > > > > Now, when I try to connect to the secure port 465, I get the following > > error in /var/log/maillog: > > > > Oct 21 16:01:10 box7954 sm-mta[33080]: STARTTLS=server: > > 33080:error:140BA0C3:SSL routines:SSL_new:null ssl > > ctx:/usr/src/crypto/openssl/ssl/ssl_lib.c:231: > > Oct 21 16:01:10 box7954 sm-mta[33080]: i9LE1Ak1033080: > > 1Cust147.vr1.dtm1.alter.net [149.229.96.147] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to TLSMTA > > Many TLS problems can be traced to defective or missing certificates. Are > you sure your certs are still valid (haven't expired, still readable, > somewhere where sendmail can find them, etc)? Yes, I double checked this. In the meantime I switched to a slightly different setup, where TSL is enabled on port 25. This seems to work fine. /Roman