Just performed this procedure on a test machine, and everything
installed properly.
epel-release was already installed, the newer openssl package installed
in /usr/lib as expected, and the toaster rpm installed with no
complaints. A quick stop/start of qmail later and we have an updated
toaster install. I have not yet tried it on a live box but plan on it
after seeing if anyone else has succeeded with this procedure.
Thanks Eric!
On 6/30/2018 2:06 PM, Eric Broch wrote:
Instructions for setting up greater than openssl-0.9.8 CentOS 5,
minimal testing done. This is done with openssl-1.01e
https://www.qmailtoaster.org/newopensslcnt50.html
Eric
On 6/29/2018 4:51 AM, Peter Peltonen wrote:
Great, thanks for sharing!
One question:
Eric had produced an RPM for qmail 1.03-1.3.23.i386 with the CNAME
lookups removed.
Yours is 1.03-1.3.22 and with CNAME lookups enabled I assume.
How would one migrate the changes you did to Eric's version, as I
would like to have both: newer TLS support + CNAME lookups removed?
Best,
Peter
On Fri, Jun 29, 2018 at 10:34 AM, Eric Broch
<ebr...@whitehorsetc.com> wrote:
Thanks, Brian!!!
On 6/29/2018 1:32 AM, Brian Ghidinelli wrote:
Good news - I seemed to have solved this. It's a combo of these old
notes
from 2011 and an upgraded openssl:
http://www.ghidinelli.com/2011/10/20/october-qmail-follow-up
I'm attaching my modified qmail-toaster.spec from 1.3.21. I installed
openssl-1.0.2o from source on CentOS 5 and linked:
/usr/include/openssl -> /usr/local/ssl/include/openssl/
Then I rebuilt the RPM:
rpmbuild -bb --target i686 --with cnt50
/usr/src/redhat/SPECS/qmail-toaster.spec
This generated the RPM. I extracted the files:
rpm2cpio qmail-toaster-1.03-1.3.22.i686.rpm | cpio -idmv
I backed up my existing qmail-smtpd and qmail-remote.orig, and copied
the new binaries over (from /usr/src/redhat/RPMS/i686/var/qmail/bin
where cpio extracted them to)
And then tested with checktls.com and everything shows TLS 1.2 now.
*whew*
This buys us a little time to complete a migration. Hope this helps
someone
else!
Brian
On 6/27/18 09:09, Eric Broch wrote:
Have a look at this thread:
https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg41029.html
IMHO, there were to many packages that were dependent on openssl-9.8
on the
CentOS 5 box to make this practical.
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
--
Eric Broch
White Horse Technical Consulting (WHTC)
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
