On 1/15/22 16:57, Manfred Lotz wrote:
> Hi Chris,
>
> On 1/15/22 16:20, chris wrote:
>> On Sat, Jan 15, 2022 at 03:13:05PM +0000, Manfred Lotz wrote:
>>> I thought I test opensmtpd under the upcoming Ubuntu 22.04
>>>
>>> The version is given as opensmtpd 6.8.0p2-4build1. Didn't know about a
>>> 6.8.0 (presumably upcoming) version yet.
>>>
>>> I brought my smtpd.conf to that system and it has a self-signed certificate
>>> like this
>>>
>>> pki desktop cert "/etc/opensmtpd/mail.crt"
>>> pki desktop key "/etc/opensmtpd/mail.key"
>>>
>>> When I now try out both STARTTLS or TLS it doesn't work and in the logs I
>>> see
>>>
>>> Jan 15 09:43:56 hogwart smtpd[67367]: 2583197f438a8fce smtp disconnected
>>> reason="io-error: error:0A080006:SSL routines::EVP lib"
>>>
>>> ldd shows for /usr/sbin/smtpd
>>>
>>> linux-vdso.so.1 (0x00007ffc0617b000)
>>> libdb-5.3.so => /lib/x86_64-linux-gnu/libdb-5.3.so (0x00007f7ab9a35000)
>>> libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f7ab9a19000)
>>> libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3
>>> (0x00007f7ab95d8000)
>>> libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x00007f7ab9534000)
>>> libevent-2.1.so.7 => /lib/x86_64-linux-gnu/libevent-2.1.so.7
>>> (0x00007f7ab94e0000)
>>> libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1
>>> (0x00007f7ab94a6000)
>>> libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2
>>> (0x00007f7ab948f000)
>>> libpam.so.0 => /lib/x86_64-linux-gnu/libpam.so.0 (0x00007f7ab947d000)
>>> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f7ab9255000)
>>> libaudit.so.1 => /lib/x86_64-linux-gnu/libaudit.so.1
>>> (0x00007f7ab9228000)
>>> /lib64/ld-linux-x86-64.so.2 (0x00007f7ab9cb5000)
>>> libcap-ng.so.0 => /lib/x86_64-linux-gnu/libcap-ng.so.0
>>> (0x00007f7ab9220000)
>>>
>>>
>>> Question: Is this an error in OpenSMTPD or is it an ssl library error?
>>>
>>> Thanks.
>>>
>>>
>>> --
>>> Manfred
>>>
>>
>> Hi!
>>
>> Do you have a certificate authority line in your smtpd.conf?
>>
>
> Hm, no. How would it look like for a self signed certificate?
>
>
I think this is a problem on my side because when debugging I get
debug: SSL library error: io_dispatch_accept_tls:SSL_accept: error:020000B3:rsa
routines::missing private key
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:1C880004:Provider routines::RSA lib
debug: SSL library error: io_dispatch_accept_tls:SSL_accept: error:0A080006:SSL
routines::EVP lib
Usually, I use just port 25 so it was no problem in the past.
The question seems to be: how do I properly setup a certificate for an
opensmtpd server on my laptop which is used only by myself.
--
Manfred
