After upgrading to OpenSSL 1.0.1h, I've found now that when initiating
startTLS connections to a system linked to OpenSSL 1.0.1h, it always tries
to do certificate auth with the client. This causes a lot of failures, for
example with postfix.

I.e., I initiate a connection to port 587 on the postfix server with
startTLS. Before I even get to the stage of authenticating as a user, it
tries SSL cert auth, and drops the client due to "unknown CA", which, if I
were trying to do cert auth, would make sense, but I'm not trying to do cert
auth at all, I'm just trying to connect to the port. Is this a known bug
in 1.0.1h? Any suggestions on how to turn off this sudden new bit to
always try cert auth, regardless of whether or not it is desired?

Thanks!
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org