[Pkg-openssl-devel] Bug#573889: Bug#573889: libssl0.9.8: unknown message digest algorithm error in dovecot
Richard van den Berg
richard at vdberg.org
Thu Mar 18 23:54:10 UTC 2010
On 18-3-10 00:19 , Kurt Roeckx wrote:
> icedove is not using libssl nor gnutls but uses it's own ssl
> library. So it might not be compatible with the current version.
>
The issue is that the postfix (in my case) and dovecot (Marcus' case)
server components report an error when using 0.9.8m. This is triggered
both by using Thunderbird (I don't run Debian on my desktop) and s_client.
> Can you setting up an s_server and connecting with icedove to
> that?
>
I can, but it is using SSL, not STARTTLS. I do not know how to set up an
s_server that accepts STARTTLS.
I have attached a test key and signed certificate that fails for me in
postfix. It should be easy enough to set up a postfix that triggers the
issue with libssl 0.9.8m. (Btw, I created the req and crt using
libssl0.9.8_0.9.8m-2_amd64.deb.)
smtpd_tls_cert_file = /etc/ssl/certs/test.pem
smtpd_tls_CAfile = /etc/ssl/certs/vdberg.org.ca.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 3
To trigger the issue:
openssl s_client -connect localhost:25 -CAfile
/etc/ssl/certs/vdberg.org.ca.pem -starttls smtp
The error will be in /var/log/mail.log
Richard
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: test.pem
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20100319/88febc92/attachment.asc>
More information about the Pkg-openssl-devel
mailing list