also sprach martin f krafft <[email protected]> [2011.11.10.1601 +0100]:
> When the client presents a certificate (which is not expired,
> I checked), however, the server says:
> 
>   postfix/smtpd[4981]: warning: TLS library problem:
>   4981:error:0D0C50A1:asn1 encoding
>   routines:ASN1_item_verify:unknown message digest
>   algorithm:a_verify.c:141:

Just before this, the server notes:

  postfix/smtpd[28763]: CA certificate verification failed for
  fishbowl.gern.madduck.net[2001:a60:f0fb:0:224:d7ff:fe04:c82c]:
  num=7:certificate signature failure

However, the certificate is unchanged and verifiable:

  % openssl verify -CAfile /etc/ssl/certs/cacert.org.pem -purpose
      sslclient /etc/ssl/certs/fishbowl.gern.madduck.net.pem
  /etc/ssl/certs/fishbowl.gern.madduck.net.pem: OK

-- 
 .''`.   martin f. krafft <[email protected]>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Reply via email to