Odd behavior out of openssl 1.0.1h

2014-06-30 Thread Quanah Gibson-Mount
After upgrading to OpenSSL 1.0.1h, I've found now that when initiating 
startTLS connections to a system linked to OpenSSL 1.0.1h, it always tries 
to do certificate auth with the client.  This causes a lot of failures, for 
example with postfix.


I.e., I initiate a connection to port 587 on the postfix server with 
startTLS.  Before I even get to the stage of authenticating as a user, it 
tries SSL cert auth, and drops the client due to unknown CA, which, if I 
were trying to do cert auth, would make sense, but I'm not trying to do cert 
auth at all, I'm just trying to connect to the port.  Is this a known bug 
in 1.0.1h?  Any suggestions on how to turn off this sudden new bit to 
always try cert auth, regardless of whether or not it is desired?




Thanks!

--Quanah

--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


Re: Odd behavior out of openssl 1.0.1h

2014-06-30 Thread Quanah Gibson-Mount
--On Monday, June 30, 2014 3:58 PM -0700 Quanah Gibson-Mount qua...@zimbra.com wrote:

> After upgrading to OpenSSL 1.0.1h, I've found now that when initiating
> startTLS connections to a system linked to OpenSSL 1.0.1h, it always
> tries to do certificate auth with the client.  This causes a lot of
> failures, for example with postfix.


Never mind, I tracked it down to an oddity with the Perl module I am using. 
;)


--Quanah

--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration