Bug#573748: [Pkg-openssl-devel] Bug#573748: libssl0.9.8: unknown message digest algorithm error in postfix

Richard van den Berg Sun, 14 Mar 2010 00:27:43 -0800

On 13-3-10 20:19 , Kurt Roeckx wrote:

This works for me:
openssl s_client -CAfile ./vdberg.org.ca.pem -connect vdberg.org:26 -starttls 
smtp

Interesting. Does this mean the issue is with postfix only? I checkedthe postfix code and there is no use of X509_V_FLAG_CHECK_SS_SIGNATUREthat grep can find. I am running 2.6.5-3 (2.5.5-1.1 had the same issue).Setting smtpd_tls_loglevel = 3 gives:

Mar 14 08:47:04 majoron postfix/smtpd[31776]: SSL_accept:error in SSLv3read client certificate AMar 14 08:47:04 majoron postfix/smtpd[31776]: SSL_accept error from82-171-xxx-yyy.ip.telfort.nl[82.171.xxx.yyy]: -1Mar 14 08:47:04 majoron postfix/smtpd[31776]: warning: TLS libraryproblem: 31776:error:0D0C50A1:asn1 encodingroutines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:

Does this mean the issue is with the client certificate instead of theserver certificate? I am testing with Thunderbird 3.0.3 without anyclient certificates, and s_client. Even without the -CAfile the issue istriggered server side:


openssl s_client -connect vdberg.org:25 -starttls smtp

I'm attaching postfix.pem in case it helps. I can also sign a testcertificate with my CA if needed.


Richard

PS: my server is back to libssl0.9.8_0.9.8k-8 now, so the s_client testwill succeed now

Bug#573748: [Pkg-openssl-devel] Bug#573748: libssl0.9.8: unknown message digest algorithm error in postfix

Reply via email to