[Pkg-openssl-devel] Bug#573748: Bug#573748: libssl0.9.8: unknown message digest algorithm error in postfix
Richard van den Berg
richard at vdberg.org
Sun Mar 14 08:23:48 UTC 2010
On 13-3-10 20:19 , Kurt Roeckx wrote:
> This works for me:
> openssl s_client -CAfile ./vdberg.org.ca.pem -connect vdberg.org:26 -starttls smtp
>
Interesting. Does this mean the issue is with postfix only? I checked
the postfix code and there is no use of X509_V_FLAG_CHECK_SS_SIGNATURE
that grep can find. I am running 2.6.5-3 (2.5.5-1.1 had the same issue).
Setting smtpd_tls_loglevel = 3 gives:

Mar 14 08:47:04 majoron postfix/smtpd[31776]: SSL_accept:error in SSLv3 read client certificate A
Mar 14 08:47:04 majoron postfix/smtpd[31776]: SSL_accept error from 82-171-xxx-yyy.ip.telfort.nl[82.171.xxx.yyy]: -1
Mar 14 08:47:04 majoron postfix/smtpd[31776]: warning: TLS library problem: 31776:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:

Does this mean the issue is with the client certificate instead of the
server certificate? I am testing with Thunderbird 3.0.3 without any
client certificates, and s_client. Even without the -CAfile the issue is
triggered server side:

openssl s_client -connect vdberg.org:25 -starttls smtp

I'm attaching postfix.pem in case it helps. I can also sign a test
certificate with my CA if needed.

Richard

PS: my server is back to libssl0.9.8_0.9.8k-8 now, so the s_client test
will succeed now.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: postfix.pem
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20100314/788d2d99/attachment.asc>