Your message dated Fri, 10 Jul 2015 14:01:09 +0200
with message-id <[email protected]>
and subject line Re: sendmail-bin: does not load all signature algorithms for
TLS
has caused the Debian Bug report #579563,
regarding sendmail-bin: does not load all signature algorithms for TLS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
579563: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579563
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sendmail-bin
Version: 8.14.3-9.1
Severity: important
Sendmail logs the following:
Apr 28 03:02:04 castro sm-mta[3225]: NOQUEUE: connect from localhost [127.0.0.1]
Apr 28 03:02:04 castro sm-mta[3225]: o3S324GI003225: Milter (mimedefang): init
success to negotiate
Apr 28 03:02:04 castro sm-mta[3225]: o3S324GI003225: Milter: connect to filters
Apr 28 03:02:04 castro sendmail[3224]: STARTTLS=client, relay=[127.0.0.1],
version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS=read: 3225:error:0D0C50A1:asn1
encoding routines:ASN1_item_verify:unknown message digest
algorithm:a_verify.c:146:
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS: read error=generic SSL error
(-1), errno=11, get_error=error:00000000:lib(0):func(0):reason(0), retry=99,
ssl_err=1
This appears to be because the certificate used for localhost uses
sha512 as a message digest. Sendmail does not call
OpenSSL_add_all_algorithms(), which causes OpenSSL not to find the
relevant algorithms. You can see the relevant OpenSSL bug report at
<http://rt.openssl.org/Ticket/Display.html?id=2197&user=guest&pass=guest>.
Sendmail should probably call OpenSSL_add_all_algorithms().
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Version: 8.14.8-1
On Wed, 28 Apr 2010 16:49:09 +0000 "brian m. carlson"
<[email protected]> wrote:
> Sendmail should probably call OpenSSL_add_all_algorithms().
This has been fixed upstream in 8.14.8.
Andreas
--- End Message ---
