Hi
Since I upgraded to OpenBSD 5.9 (I think) I've been getting TLS
validation errors in the headers:
TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384
bits=256 verify=NO
Prior to the upgrade I would get verify=YES. (I think it was the
upgrade to OpenBSD 5.9 and whichever OpenSMTPD that comes with it that
did it - it was certainly about that time)
I have now upgraded OpenSMTPD to the current 5.9.2 release and that
makes no difference.
All logging suggests that cert validation is OK (though I note that I
only ever get that message on outgoing lines, and never on incoming)
What does OpenSMTPD use as its default cert store - as far as I can
tell the .conf lacks CAfile or CApath options?
Testing with openssl s_client suggests that my certs are generally in
order
Any clues?
Many thanks
John Cox
Log file:
May 17 08:26:58 azathoth smtpd[18872]: info: OpenSMTPD 5.9.2 starting
May 17 08:27:47 azathoth smtpd[10532]: smtp-in: New session
31086515f45c2260 from host smtp31.cix.co.uk [77.92.64.18]
May 17 08:27:48 azathoth smtpd[10532]: smtp-in: Started TLS on session
31086515f45c2260: version=TLSv1, cipher=DHE-RSA-AES256-SHA, bits=256
May 17 08:27:48 azathoth smtpd[10532]: smtp-in: Accepted message
daa12d76 on session 31086515f45c2260: from=<j...@cix.co.uk>,
to=<j...@uphall.net>, size=793, ndest=1, proto=ESMTP
May 17 08:27:48 azathoth smtpd[10532]: smtp-out: Connecting to
tls://10.44.0.3:25 (yidhra.outer.uphall.net) on session
3108651f4a1f0980...
May 17 08:27:48 azathoth smtpd[10532]: smtp-in: Closing session
31086515f45c2260
May 17 08:27:48 azathoth smtpd[10532]: smtp-out: Connected on session
3108651f4a1f0980
May 17 08:27:48 azathoth smtpd[10532]: smtp-out: Started TLS on
session 3108651f4a1f0980: version=TLSv1.2,
cipher=ECDHE-RSA-CHACHA20-POLY1305, bits=256
May 17 08:27:48 azathoth smtpd[10532]: smtp-out: Server certificate
verification succeeded on session 3108651f4a1f0980
May 17 08:27:48 azathoth smtpd[10532]: relay: Ok for daa12d76fa78afb9:
session=3108651f4a1f0980, from=<j...@cix.co.uk>, to=<j...@uphall.net>,
rcpt=<->, source=46.235.226.138, relay=10.44.0.3
(yidhra.outer.uphall.net), delay=0s, stat=250 2.0.0: f8f2d286 Message
accepted for delivery
May 17 08:27:58 azathoth smtpd[10532]: smtp-out: Closing session
3108651f4a1f0980: 1 message sent.
#
Headers:
Return-Path: j...@cix.co.uk
Delivered-To: j...@uphall.net
Received: from azathoth.uphall.net (azathoth.uphall.net
[46.235.226.138])
by yidhra.outer.uphall.net (OpenSMTPD) with ESMTPS id f8f2d286
TLS version=TLSv1.2 cipher=ECDHE-RSA-CHACHA20-POLY1305
bits=256 verify=NO
for <j...@uphall.net>;
Tue, 17 May 2016 08:27:48 +0100 (BST)
Received: from smtp1.cix.co.uk (smtp31.cix.co.uk [77.92.64.18])
by azathoth.uphall.net (OpenSMTPD) with ESMTPS id daa12d76
TLS version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO
for <j...@uphall.net>;
Tue, 17 May 2016 08:27:48 +0100 (BST)
Received: (qmail 22491 invoked from network); 17 May 2016 07:27:47
-0000
Received: from unknown (HELO Ithaqua.outer.uphall.net) (86.21.189.18)
by smtp1.cix.co.uk with ESMTPS (AES256-SHA encrypted); 17 May 2016
07:27:47 -0000
From: John Cox <j...@cix.co.uk>
To: John home Cox <j...@uphall.net>
Subject: Incoming 2
Date: Tue, 17 May 2016 08:27:47 +0100
Message-ID: <cvhljbt2nr02qi3iaanth6bm759hiqc...@4ax.com>
User-Agent: ForteAgent/7.10.32.1212
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
