In message <[EMAIL PROTECTED]> on Mon, 18 Nov 2002 11:02:10 -0800, Ed Kasky <[EMAIL PROTECTED]> said:

ed> Eudora has a client certificate that it received during its first
ed> attempt to send through sendmail and it is trusted.

Really?  OK, though that's an odd way to handle things.  You're sure
you're not mixing up client and server certificates?

Anyway, from the ssldump that you showed us, it's obvious that Eudora
didn't send any client certificate.  It would have shown somewhere in
this sequence:

ed> 15 5 0.0605 (0.0152) C>S Alert
ed> level warning
ed> value unknown value
ed> 15 6 0.0605 (0.0000) C>S Handshake
ed> ClientKeyExchange
ed> 15 7 0.0605 (0.0000) C>S ChangeCipherSpec
ed> 15 8 0.0605 (0.0000) C>S Handshake

So, if Eudora really has a valid client certificate, perhaps you need
to check that it's issued by one of the issuers that sendmail trusts.
Those issuers are declared as part of the ServerHello:

ed> certificate_authority
ed> 30 81 8c 31 0b 30 09 06 03 55 04 06 13 02 55 53
ed> 31 0d 30 0b 06 03 55 04 08 13 04 55 74 61 68 31
ed> 17 30 15 06 03 55 04 07 13 0e 53 61 6c 74 20 4c
ed> 61 6b 65 20 43 69 74 79 31 18 30 16 06 03 55 04
ed> 0a 13 0f 58 63 65 72 74 20 45 5a 20 62 79 20 44
ed> 53 54 31 18 30 16 06 03 55 04 03 13 0f 58 63 65
ed> 72 74 20 45 5a 20 62 79 20 44 53 54 31 21 30 1f
ed> 06 09 2a 86 48 86 f7 0d 01 09 01 16 12 63 61 40
ed> 64 69 67 73 69 67 74 72 75 73 74 2e 63 6f 6d
ed> 
ed> (...and then 60 or so more certificate_authority's until)

Other than this, I'm out of ideas...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
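
Added example (not part of the original message or of OpenSSL): each certificate_authority entry in the ssldump trace is a DER-encoded issuer name, so decoding it shows which CAs the server will accept a client certificate from. CA_HEX is the first entry quoted in the message; the function names and the OID table are this example's own.

```python
# Decode an ssldump certificate_authority entry (a DER-encoded X.501 Name).
CA_HEX = """
30 81 8c 31 0b 30 09 06 03 55 04 06 13 02 55 53
31 0d 30 0b 06 03 55 04 08 13 04 55 74 61 68 31
17 30 15 06 03 55 04 07 13 0e 53 61 6c 74 20 4c
61 6b 65 20 43 69 74 79 31 18 30 16 06 03 55 04
0a 13 0f 58 63 65 72 74 20 45 5a 20 62 79 20 44
53 54 31 18 30 16 06 03 55 04 03 13 0f 58 63 65
72 74 20 45 5a 20 62 79 20 44 53 54 31 21 30 1f
06 09 2a 86 48 86 f7 0d 01 09 01 16 12 63 61 40
64 69 67 73 69 67 74 72 75 73 74 2e 63 6f 6d
"""
OID_NAMES = {"550406": "C", "550408": "ST", "550407": "L", "55040a": "O",
             "55040b": "OU", "550403": "CN", "2a864886f70d010901": "emailAddress"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_dn(hex_text):
    """Turn ssldump's hex bytes into a list of (attribute, value) pairs."""
    der = bytes.fromhex("".join(hex_text.split()))
    tag, name, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    pairs = []
    for _, rdn in children(name):        # Name is a SEQUENCE of RDN SETs
        for _, atv in children(rdn):     # each SET holds type/value SEQUENCEs
            (_, oid), (_, val) = children(atv)
            pairs.append((OID_NAMES.get(oid.hex(), oid.hex()), val.decode("utf-8", "replace")))
    return pairs

def issuer_accepted(client_issuer, advertised_hex):
    """True if the client certificate's issuer matches an advertised CA name."""
    return any(decode_dn(h) == client_issuer for h in advertised_hex)
```

Run decode_dn over every certificate_authority entry in the trace and compare the results with the issuer field of the client certificate.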
