On 18-3-10 00:19 , Kurt Roeckx wrote:
icedove is not using libssl nor gnutls but uses it's own ssl
library. So it might not be compatible with the current version.
The issue is that the postfix (in my case) and dovecot (Marcus' case)
server components report an error when using 0.9.8m. This is triggered
both by using Thunderbird (I don't run Debian on my desktop) and s_client.
Can you setting up an s_server and connecting with icedove to
that?
I can, but it is using SSL, not STARTTLS. I do not know how to set up an
s_server that accepts STARTTLS.
I have attached a test key and signed certificate that fails for me in
postfix. It should be easy enough to set up a postfix that triggers the
issue with libssl 0.9.8m. (Btw, I created the req and crt using
libssl0.9.8_0.9.8m-2_amd64.deb.)
smtpd_tls_cert_file = /etc/ssl/certs/test.pem
smtpd_tls_CAfile = /etc/ssl/certs/vdberg.org.ca.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 3
To trigger the issue:
openssl s_client -connect localhost:25 -CAfile
/etc/ssl/certs/vdberg.org.ca.pem -starttls smtp
The error will be in /var/log/mail.log
Richard
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDdZ+92Gcp5gXKW2yZjgvOn7/OCyVGrRA90see0edxjbwxtWf6K
X/I097eTW0mL7UiQy+wuof5s/CM/orbNrSxKgg1xgBtJ0ikNVDSenO+p+gcvuX9e
Jlicms1U415AYWGGavp6roGicRKibW1trVaga467rGRvlSuo8DPahj7AiwIDAQAB
AoGAUEvZdKN14wsnW76u9XgQld9YGR6aF9rfIBtFRRbM7uLfRulUfyq81KjiUvbQ
fYbYwmqyhVcKxsvKnNGOKpmbbd09lQAYE34rZI81ZnjHb2E+NzpSjO1TuG3i+vdc
Yu6/E0PqER8I7e26vOaaB1COfbb/RiXrr0AOuPBYKRijfcECQQD7LhGHbRTxfSap
pinyRfwi2Baw96nY4DQPsCNfr9hCn3+PzOSzkzzIsyed1eTH48dr8kQN9QUGyw7i
bvj3HkFHAkEA4aeZ5nHZ/bi13jwxIcRjjtSILpiv6NI3wYjOT9DvSAKLLOR2bnVH
r7CeulIFYPLSvEL4o9gNdM7MNm1+M2WInQJAeMFOFhBgGDT1qGvFEL+KlunSBuQa
GLS48q3YY8EzM9xgRC7Z6Gcpusc+jYfuRBcCoafIBfm8n+ZxUnTNZmh6MwJATSlM
fPptek8REX8vpcZL7OlL7/MSI+DOZAVt1ukxCUSlZqJwxPChpLgWbsvhPveJjAqy
jwQwBcM5HVtvjg+oGQJAY1RwQ/7rmxJUbJofQqUg5Tda+14mKMq0/BWzVZAUuVgt
G4kgmWiJ3zkyareNhlb38mnktxJDI3sfc9gP5CjHgQ==
-----END RSA PRIVATE KEY-----
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7 (0x7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=vdberg.org/emailaddress=hostmas...@vdberg.org, L=Voorburg,
ST=Zuid-Holland, C=NL, CN=vdberg.org private CA
Validity
Not Before: Mar 18 23:44:13 2010 GMT
Not After : Jun 26 23:44:13 2010 GMT
Subject: C=NL, ST=Zuid-Holland, O=vdberg.org, CN=test.vdberg.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:dd:67:ef:76:19:ca:79:81:72:96:db:26:63:82:
f3:a7:ef:f3:82:c9:51:ab:44:0f:74:b1:e7:b4:79:
dc:63:6f:0c:6d:59:fe:8a:5f:f2:34:f7:b7:93:5b:
49:8b:ed:48:90:cb:ec:2e:a1:fe:6c:fc:23:3f:a2:
b6:cd:ad:2c:4a:82:0d:71:80:1b:49:d2:29:0d:54:
34:9e:9c:ef:a9:fa:07:2f:b9:7f:5e:26:58:9c:9a:
cd:54:e3:5e:40:61:61:86:6a:fa:7a:ae:81:a2:71:
12:a2:6d:6d:6d:ad:56:a0:6b:8e:bb:ac:64:6f:95:
2b:a8:f0:33:da:86:3e:c0:8b
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
47:87:51:7f:d8:4c:4b:01:6d:7c:9c:fa:61:b8:90:9e:41:d8:
12:6b:56:68:b9:57:39:a9:76:5a:16:06:94:84:76:c8:11:95:
3b:0c:ac:a1:9a:9a:e9:d9:10:50:0c:4c:fc:db:8f:29:a0:1e:
60:13:4c:d6:3e:c3:5c:52:18:bc:48:07:2b:fe:4b:c1:cd:b8:
16:d0:b1:da:b5:12:48:df:95:f3:6d:a0:0f:2f:76:d6:be:51:
f2:01:83:bd:7c:b3:57:a7:64:ae:9e:68:15:b1:98:82:94:e7:
dc:f0:fa:d8:7c:29:98:5e:3a:3f:f1:ed:d7:5b:0e:10:e3:c8:
1c:a5
-----BEGIN CERTIFICATE-----
MIICVTCCAb4CAQcwDQYJKoZIhvcNAQELBQAwgZIxEzARBgNVBAoTCnZkYmVyZy5v
cmcxJDAiBgkqhkiG9w0BCQEWFWhvc3RtYXN0ZXJAdmRiZXJnLm9yZzERMA8GA1UE
BxMIVm9vcmJ1cmcxFTATBgNVBAgTDFp1aWQtSG9sbGFuZDELMAkGA1UEBhMCTkwx
HjAcBgNVBAMTFXZkYmVyZy5vcmcgcHJpdmF0ZSBDQTAeFw0xMDAzMTgyMzQ0MTNa
Fw0xMDA2MjYyMzQ0MTNaMFMxCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhv
bGxhbmQxEzARBgNVBAoTCnZkYmVyZy5vcmcxGDAWBgNVBAMTD3Rlc3QudmRiZXJn
Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3WfvdhnKeYFyltsmY4Lz
p+/zgslRq0QPdLHntHncY28MbVn+il/yNPe3k1tJi+1IkMvsLqH+bPwjP6K2za0s
SoINcYAbSdIpDVQ0npzvqfoHL7l/XiZYnJrNVONeQGFhhmr6eq6BonESom1tba1W
oGuOu6xkb5UrqPAz2oY+wIsCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBHh1F/2ExL
AW18nPphuJCeQdgSa1ZouVc5qXZaFgaUhHbIEZU7DKyhmprp2RBQDEz8248poB5g
E0zWPsNcUhi8SAcr/kvBzbgW0LHatRJI35XzbaAPL3bWvlHyAYO9fLNXp2SunmgV
sZiClOfc8PrYfCmYXjo/8e3XWw4Q48gcpQ==
-----END CERTIFICATE-----
