Hello Guys , Any help / suggestion/work-around is greatly appreciated for this issue.
Thank you all for your help & time . ========================= Thanks Vikas K Vicky On Thu, Oct 11, 2012 at 7:41 PM, The default queue via RT <r...@openssl.org>wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket regarding: > "Sendmail v8.14.4 is not working with OpenSSL 0.9.8m onwards on > AIX", > a summary of which appears below. > > There is no need to reply to this message right now. Your ticket has been > assigned an ID of [openssl.org #2895]. > > Please include the string: > > [openssl.org #2895] > > in the subject line of all future correspondence about this issue. To do > so, > you may reply to this message. > > Thank you, > r...@openssl.org > > ------------------------------------------------------------------------- > Hello OpenSSL Developers, > > I have an issue related to OpenSSL & Sendmail, in which sendmail is not > working with OpenSSL 0.9.8m onwards and so, I want to report this bug. > > Though, it works fine with OpenSSL 0.9.8k & OpenSSL 0.9.8l but fails with > OpenSSL 0.9.8m ,0.9.8n etc ( till the latest 0.9.8x ) . > Please note that nothing has been changed from the configuration point of > view ( for both OpenSSL as well as Sendmail ) while updating from > OpenSSL 0.9.8k to a version >= 0.9.8m . > > *I am using TLS version of sendmail compiled with STARTTLS & the Operating > System being used is AIX*. > *The Sendmail version is - 8.14.4 .* > > The steps to reproduce the issue are as below - > > 1. *stopsrc -s sendmail* > > 2.* ln -sf /usr/sbin/sendmail_ssl /usr/lib/sendmail * ( to make > sure the sendmail binary compiled with STARTTLS i.e /usr/sbin/sendmail_ssl > will be used ) > > 3. *startsrc -s sendmail -a "-bd -q30" * > > > 4.Now execute the below command on the same machine - > > # *openssl s_client -starttls smtp -connect localhost:25 -CApath > /etc/mail/certs* > CONNECTED(00000004) > 5243082:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake > failure:s23_lib.c:182: <== Error message. > > Also , the following error is beoing logged in the syslog file - > > *Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: > STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1, > relay=localhost [127.0.0.1] > Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: > STARTTLS=server: 5767316:error:140B6044:SSL > routines:SSL_GET_SERVER_SEND_CERT:internal error:ssl_lib.c:1991: > Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: > STARTTLS=server: 5767316:error:1409A044:SSL > routines:SSL3_SEND_SERVER_CERTIFICATE:internal error:s3_srvr.c:2657: > Oct 11 02:07:12 vayu10 mail:info sendmail[5767316]: q9B77C475767316: > localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection > to MTA > * > The same setup is working with older OpenSSL versions 0.9.8k & 0.9.8l .I > noticed some major changes in OpenSSL 0.9.8.m from renegotiation point of > view due to *CVE-2009-3555* . > > I debugged this quite a few times & found that *value of* > *s->s3->tmp.new_cipher > is NULL* which should contain a selected Cipher value. > > Any help is much appreciated. > > ========================= > > Thanks > Vikas K Vicky > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
