reassign 573748 postfix
thanks

On Sun, Mar 14, 2010 at 01:04:23PM +0100, Richard van den Berg wrote:
> On 14-3-10 12:31 , Kurt Roeckx wrote:
> >Can you reproduce it using an s_server and s_client?
>
> Nope, that all seems to work just fine. Maybe a starttls works a
> little different than a straight SSL connection? Port 465 of postfix
> works just fine as well.
>
> # openssl s_server -cert /etc/ssl/certs/postfix.pem -CAfile
> /etc/ssl/certs/vdberg.org.ca.pem
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT
> -----BEGIN SSL SESSION PARAMETERS-----
> MHUCAQECAgMBBAIAOQQgHDCxbWFXYH/8JtyGH9/S2nnkTG4wpNZAh13Biab0mRsE
> MLFHd4rP2l5k+JTGo5isIDQw5zMV7M9m996pSTVf0uh8DJLIr1FPF6f7UQXuZyor
> p6EGAgRLnM8IogQCAgEspAYEBAEAAAA=
> -----END SSL SESSION PARAMETERS-----
> Shared
> ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
> CIPHER is DHE-RSA-AES256-SHA
>
> $ openssl s_client -connect vdberg.org:4433

You're not passing the -CAfile so you get:
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
[...]
> Verify return code: 19 (self signed certificate in certificate chain)

Anyway, I can't see anything wrong with libssl at this time, so
I'm going to reassign this to postfix instead.


Kurt
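
The `-CAfile` point made in the reply above can be reproduced locally. The script below is an added example, not part of the original message: it builds a throwaway private CA and server certificate, starts `openssl s_server`, and compares the `s_client` verify return code without and with `-CAfile` (expect a non-zero code such as the 19 in the thread, then 0). The port number, the CN values and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Everything here is constructed: a throwaway CA and server
# certificate in a temp dir; the CN values and the port are assumptions.
PORT=${PORT:-14433}

make_pki() {        # $1 = work dir: creates ca.pem and srv.pem signed by it
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

verify_code() {     # arguments are passed to s_client; prints the numeric code
    openssl s_client -connect "127.0.0.1:$PORT" "$@" </dev/null 2>/dev/null |
        sed -n 's/.*Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

demo() {            # prints "without=<code> with=<code>"
    dir=$(mktemp -d) || return 1
    make_pki "$dir" || { rm -rf "$dir"; return 1; }
    # -www keeps s_server from reading stdin, so it can run in the background
    openssl s_server -accept "$PORT" -www -cert "$dir/srv.pem" \
        -key "$dir/srv.key" -CAfile "$dir/ca.pem" >/dev/null 2>&1 &
    srv=$!
    i=0             # wait (up to ~5 s) until the listener completes a handshake
    while [ "$i" -lt 5 ] && [ -z "$(verify_code -CAfile "$dir/ca.pem")" ]; do
        sleep 1; i=$((i + 1))
    done
    without=$(verify_code)                      # default trust store only
    with=$(verify_code -CAfile "$dir/ca.pem")   # private CA supplied
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
    echo "without=$without with=$with"
}

demo
```

For the STARTTLS path raised in the thread, the same comparison can be made against an SMTP port by adding `-starttls smtp` to the `s_client` call.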

