Hi,

Since I upgraded to OpenBSD 5.9 (I think) I've been getting TLS validation errors in the headers:

TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO

Prior to the upgrade I would get verify=YES. (I think it was the upgrade to OpenBSD 5.9 and whichever OpenSMTPD that comes with it that did it - it was certainly about that time.)

I have now upgraded OpenSMTPD to the current 5.9.2 release and that makes no difference.

All logging suggests that cert validation is OK (though I note that I only ever get that message on outgoing lines, and never on incoming).

What does OpenSMTPD use as its default cert store - as far as I can tell the .conf lacks CAfile or CApath options?

Testing with openssl s_client suggests that my certs are generally in order.

Any clues?

Many thanks

John Cox

Log file:

May 17 08:26:58 azathoth smtpd[18872]: info: OpenSMTPD 5.9.2 starting
May 17 08:27:47 azathoth smtpd[10532]: smtp-in: New session 31086515f45c2260 from host smtp31.cix.co.uk [77.92.64.18]
May 17 08:27:48 azathoth smtpd[10532]: smtp-in: Started TLS on session 31086515f45c2260: version=TLSv1, cipher=DHE-RSA-AES256-SHA, bits=256
May 17 08:27:48 azathoth smtpd[10532]: smtp-in: Accepted message daa12d76 on session 31086515f45c2260: from=<j...@cix.co.uk>, to=<j...@uphall.net>, size=793, ndest=1, proto=ESMTP
May 17 08:27:48 azathoth smtpd[10532]: smtp-out: Connecting to tls://10.44.0.3:25 (yidhra.outer.uphall.net) on session 3108651f4a1f0980...
May 17 08:27:48 azathoth smtpd[10532]: smtp-in: Closing session 31086515f45c2260
May 17 08:27:48 azathoth smtpd[10532]: smtp-out: Connected on session 3108651f4a1f0980
May 17 08:27:48 azathoth smtpd[10532]: smtp-out: Started TLS on session 3108651f4a1f0980: version=TLSv1.2, cipher=ECDHE-RSA-CHACHA20-POLY1305, bits=256
May 17 08:27:48 azathoth smtpd[10532]: smtp-out: Server certificate verification succeeded on session 3108651f4a1f0980
May 17 08:27:48 azathoth smtpd[10532]: relay: Ok for daa12d76fa78afb9: session=3108651f4a1f0980, from=<j...@cix.co.uk>, to=<j...@uphall.net>, rcpt=<->, source=46.235.226.138, relay=10.44.0.3 (yidhra.outer.uphall.net), delay=0s, stat=250 2.0.0: f8f2d286 Message accepted for delivery
May 17 08:27:58 azathoth smtpd[10532]: smtp-out: Closing session 3108651f4a1f0980: 1 message sent.

# Headers:

Return-Path: j...@cix.co.uk
Delivered-To: j...@uphall.net
Received: from azathoth.uphall.net (azathoth.uphall.net [46.235.226.138])
    by yidhra.outer.uphall.net (OpenSMTPD) with ESMTPS id f8f2d286
    TLS version=TLSv1.2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256 verify=NO
    for <j...@uphall.net>; Tue, 17 May 2016 08:27:48 +0100 (BST)
Received: from smtp1.cix.co.uk (smtp31.cix.co.uk [77.92.64.18])
    by azathoth.uphall.net (OpenSMTPD) with ESMTPS id daa12d76
    TLS version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO
    for <j...@uphall.net>; Tue, 17 May 2016 08:27:48 +0100 (BST)
Received: (qmail 22491 invoked from network); 17 May 2016 07:27:47 -0000
Received: from unknown (HELO Ithaqua.outer.uphall.net) (86.21.189.18)
    by smtp1.cix.co.uk with ESMTPS (AES256-SHA encrypted); 17 May 2016 07:27:47 -0000
From: John Cox <j...@cix.co.uk>
To: John home Cox <j...@uphall.net>
Subject: Incoming 2
Date: Tue, 17 May 2016 08:27:47 +0100
Message-ID: <cvhljbt2nr02qi3iaanth6bm759hiqc...@4ax.com>
User-Agent: ForteAgent/7.10.32.1212
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
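An added example (not part of the original post, and not OpenSMTPD code): a small Python parser that pulls the TLS annotation quoted above out of each Received header, so every hop's version, cipher and verify flag can be compared side by side. The sample message is constructed with example hostnames and addresses, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: Received headers in the format quoted in the post,
# with hostnames and addresses replaced by documentation values.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mx2.example.net (OpenSMTPD) with ESMTPS id f8f2d286
\tTLS version=TLSv1.2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256 verify=NO
\tfor <user@example.net>; Tue, 17 May 2016 08:27:48 +0100 (BST)
Received: from out.example.org (out.example.org [198.51.100.7])
\tby mx1.example.net (OpenSMTPD) with ESMTPS id daa12d76
\tTLS version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO
\tfor <user@example.net>; Tue, 17 May 2016 08:27:48 +0100 (BST)
Received: (qmail 22491 invoked from network); 17 May 2016 07:27:47 -0000
From: sender@example.org
Subject: test

body
"""

TLS_RE = re.compile(r"TLS version=(?P<version>\S+) cipher=(?P<cipher>\S+) "
                    r"bits=(?P<bits>\d+) verify=(?P<verify>\w+)")
HOP_RE = re.compile(r"from (?P<peer>\S+).*?\bby (?P<by>\S+)", re.S)

def tls_hops(raw_message):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        hop = {"peer": None, "by": None, "tls": None}
        m = HOP_RE.search(text)
        if m:
            hop.update(peer=m["peer"], by=m["by"])
        t = TLS_RE.search(text)
        if t:
            hop["tls"] = dict(t.groupdict(), bits=int(t["bits"]))
        hops.append(hop)
    return hops

def unverified(hops):
    """Hops that recorded a TLS annotation with verify other than YES."""
    return [h for h in hops if h["tls"] and h["tls"]["verify"] != "YES"]

if __name__ == "__main__":
    for h in tls_hops(SAMPLE):
        print(h)
```

Hops whose Received header carries no TLS annotation in this format (the qmail line in the sample) are returned with `tls` set to `None` rather than being counted as unverified.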