Re: SMTPS 465

Sun, 14 Apr 2013 10:30:18 -0700 

Le 14/04/2013 17:21, Viktor Dukhovni a écrit :


On Sun, Apr 14, 2013 at 03:57:07PM +0000, Joan Moreau wrote:
Done right, this is sufficient. Your compiler settings must be wrong. Post the exact command you use the create the Postfix "makefiles". make -f Makefile.init makefiles 'CCARGS=-DHAS_PCRE -DHAS_MYSQL -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -UHAS_LDAP -UHAS_IPV6 -DUSE_TLS -I/usr/include/mysql/ -I/usr/include/sasl ' 'AUXLIBS=-L/usr/lib/mysql/ -lmysqlclient -lssl -lcrypto -lz -lm -lpcre -lsasl2' 

This looks OK, but perhaps you're running into DLL hell.
As a sanitty check, what version of OpenSSL provides the header files?

$ grep OPENSSL_VERSION /usr/include/openssl/opensslv.h


# grep OPENSSL_VERSION /usr/include/openssl/opensslv.h
#define OPENSSL_VERSION_NUMBER  0x1000105fL
#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1e-fips 11 Feb 2013"
#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1e 11 Feb 2013"
#define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT





None of these matter. but I don't recall seeing a "postconf -n"

smtpd_tls_CAfile = /etc/ssl/ca-bundle.crt smtpd_tls_CApath = 
/etc/ssl/certs smtpd_tls_ask_ccert = no smtpd_tls_auth_only = yes 
smtpd_tls_cert_file = /etc/ssl/certs/postfix.crt smtpd_tls_key_file = 
/etc/ssl/certs/postfix.key smtpd_tls_loglevel = 2 
smtpd_tls_received_header = yes smtpd_tls_session_cache_database = 
btree:/var/lib/postfix/smtpd_tls_cache smtpd_tls_session_cache_timeout 
= 3600s strict_8bitmime = no strict_rfc821_envelopes = no 
tls_random_source = dev:/dev/urandom


Nothing exciting here, provided this is the correct main.cf, you don't
have anything there that would break TLS ciphers.


2013-04-14T15:26:27.625728+02:00 server postfix/smtpd[20218]: warning: 
TLS library problem: 20218:error:1411C146:SSL 
routines:tls1_prf:unsupported digest type:t1_enc.c:276: 
2013-04-14T15:26:27.625738+02:00 server postfix/smtpd[20218]: warning: 
TLS library problem: 20218:error:140D308A:SSL 
routines:tls1_setup_key_block:cipher or hash unavailable:t1_enc.c:621: 
Any clue ? Your libcrypto does not support the algorithms that libssl 
expects, report the output of: unset LD_LIBRARY_PATH unset LD_PRELOAD 
ldd $(postconf -h daemon_directory)/smtpd

# ldd $(postconf -h daemon_directory)/smtpd linux-vdso.so.1 
libmysqlclient.so.18 => /usr/lib/mysql/libmysqlclient.so.18 
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 libcrypto.so.1.0.0 => 
/usr/lib/libcrypto.so.1.0.0 libz.so.1 => /lib/libz.so.1 libm.so.6 => 
/lib/libm.so.6 libpcre.so.1 => /lib/libpcre.so.1 libsasl2.so.2 => 
/usr/lib/libsasl2.so.2 libdb-5.3.so => /usr/lib/libdb-5.3.so libnsl.so.1 
=> /lib/libnsl.so.1 libresolv.so.2 => /lib/libresolv.so.2 libc.so.6 => 
/lib/libc.so.6 libpthread.so.0 => /lib/libpthread.so.0 libdl.so.2 => 
/lib/libdl.so.2 libstdc++.so.6 => /usr/lib/libstdc++.so.6 libgcc_s.so.1 
=> /usr/lib/libgcc_s.so.1 /lib64/ld-linux-x86-64.so.2



The only thing that comes to mind here is that perhaps 
libmsqlclient.so.18

is linked against a different OpenSSL runtime library than Postfix.
Report the output of:

readelf -d /usr/lib/postfix/smtpd
readelf -d /usr/lib/mysql/libmysqlclient.so.18

server:~ # readelf -d /usr/lib/postfix/smtpd

Dynamic section at offset 0x75480 contains 34 entries:
Tag        Type                         Name/Value

0x0000000000000001 (NEEDED)             Shared library: 
[libmysqlclient.so.18]
0x0000000000000001 (NEEDED)             Shared library: 
[libssl.so.1.0.0]
0x0000000000000001 (NEEDED)             Shared library: 
[libcrypto.so.1.0.0]

0x0000000000000001 (NEEDED)             Shared library: [libz.so.1]
0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]
0x0000000000000001 (NEEDED)             Shared library: [libpcre.so.1]
0x0000000000000001 (NEEDED)             Shared library: [libsasl2.so.2]
0x0000000000000001 (NEEDED)             Shared library: [libdb-5.3.so]
0x0000000000000001 (NEEDED)             Shared library: [libnsl.so.1]
0x0000000000000001 (NEEDED)             Shared library: [libresolv.so.2]
0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
0x000000000000000c (INIT)               0x405770
0x000000000000000d (FINI)               0x451034
0x0000000000000019 (INIT_ARRAY)         0x675468
0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)
0x000000000000001a (FINI_ARRAY)         0x675470
0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
0x0000000000000004 (HASH)               0x400258
0x0000000000000005 (STRTAB)             0x402810
0x0000000000000006 (SYMTAB)             0x400b48
0x000000000000000a (STRSZ)              4123 (bytes)
0x000000000000000b (SYMENT)             24 (bytes)
0x0000000000000015 (DEBUG)              0x0
0x0000000000000003 (PLTGOT)             0x675710
0x0000000000000002 (PLTRELSZ)           6936 (bytes)
0x0000000000000014 (PLTREL)             RELA
0x0000000000000017 (JMPREL)             0x403c58
0x0000000000000007 (RELA)               0x403b68
0x0000000000000008 (RELASZ)             240 (bytes)
0x0000000000000009 (RELAENT)            24 (bytes)
0x000000006ffffffe (VERNEED)            0x403a98
0x000000006fffffff (VERNEEDNUM)         4
0x000000006ffffff0 (VERSYM)             0x40382c
0x0000000000000000 (NULL)               0x0
server:~ #  readelf -d /usr/lib/mysql/libmysqlclient.so.18

Dynamic section at offset 0x473b10 contains 33 entries:
Tag        Type                         Name/Value

0x0000000000000001 (NEEDED)             Shared library: 
[libpthread.so.0]

0x0000000000000001 (NEEDED)             Shared library: [libz.so.1]
0x0000000000000001 (NEEDED)             Shared library: [libdl.so.2]
0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]
0x0000000000000001 (NEEDED)             Shared library: [libgcc_s.so.1]
0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]

0x000000000000000e (SONAME)             Library soname: 
[libmysqlclient.so.18]

0x000000000000000c (INIT)               0x9f230
0x000000000000000d (FINI)               0x1f522c
0x0000000000000019 (INIT_ARRAY)         0x657000
0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)
0x000000000000001a (FINI_ARRAY)         0x657008
0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
0x0000000000000004 (HASH)               0x158
0x0000000000000005 (STRTAB)             0x28ed8
0x0000000000000006 (SYMTAB)             0x95a0
0x000000000000000a (STRSZ)              102369 (bytes)
0x000000000000000b (SYMENT)             24 (bytes)
0x0000000000000003 (PLTGOT)             0x674fa0
0x0000000000000002 (PLTRELSZ)           59664 (bytes)
0x0000000000000014 (PLTREL)             RELA
0x0000000000000017 (JMPREL)             0x90920
0x0000000000000007 (RELA)               0x44a20
0x0000000000000008 (RELASZ)             311040 (bytes)
0x0000000000000009 (RELAENT)            24 (bytes)
0x000000006ffffffc (VERDEF)             0x448d8
0x000000006ffffffd (VERDEFNUM)          2
0x000000006ffffffe (VERNEED)            0x44910
0x000000006fffffff (VERNEEDNUM)         6
0x000000006ffffff0 (VERSYM)             0x41eba
0x000000006ffffff9 (RELACOUNT)          9572
0x0000000000000000 (NULL)               0x0
server:~ #





























					Reply via email to