also sprach martin f krafft <[email protected]> [2011.11.10.1601 +0100]: > When the client presents a certificate (which is not expired, > I checked), however, the server says: > > postfix/smtpd[4981]: warning: TLS library problem: > 4981:error:0D0C50A1:asn1 encoding > routines:ASN1_item_verify:unknown message digest > algorithm:a_verify.c:141:
Just before this, the server notes:
postfix/smtpd[28763]: CA certificate verification failed for
fishbowl.gern.madduck.net[2001:a60:f0fb:0:224:d7ff:fe04:c82c]:
num=7:certificate signature failure
However, the certificate is unchanged and verifiable:
% openssl verify -CAfile /etc/ssl/certs/cacert.org.pem -purpose
sslclient /etc/ssl/certs/fishbowl.gern.madduck.net.pem
/etc/ssl/certs/fishbowl.gern.madduck.net.pem: OK
--
.''`. martin f. krafft <[email protected]> Related projects:
: :' : proud Debian developer http://debiansystem.info
`. `'` http://people.debian.org/~madduck http://vcs-pkg.org
`- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

