Hello All, I'm currently having a problem with setting up STARTTLS with my sendmail on my FreeBSD 5.3 box. I've used openssl to create the cert and key:
openssl dsaparam 1024 -out dsa1024.pem
openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem

My version of openssl:

OpenSSL 0.9.7d 17 Mar 2004

I've recompiled sendmail to use ssl and then added the following to my sendmail.cf:

define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl

However, when I attempt to connect to the server with Evolution, Evolution gives me an "unable to connect" error. Sendmail logs the following error:

Jun 15 13:53:41 zeppo sm-mta[17104]: j5FKrfYA017104: Milter: no active filter
Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server: 17104:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:887:
Jun 15 13:53:41 zeppo sm-mta[17104]: j5FKrfYA017104: [65.125.115.243] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

When I use the openssl client to connect, I get the following results:

misato.awclemen> openssl s_client -starttls smtp -connect zeppo.candhsoftware.com:25
CONNECTED(00000003)
depth=0 /C=US/ST=Arizona/L=Tucson/O=C & H Software L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Arizona/L=Tucson/O=C & H Software L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Arizona/L=Tucson/O=C & H Software L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
   i:/C=US/ST=Arizona/L=Tucson/O=C & H Software L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
---
Server certificate
subject=/C=US/ST=Arizona/L=Tucson/O=C & H Software L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
issuer=/C=US/ST=Arizona/L=Tucson/O=C & H Software L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
---
Acceptable client certificate CA names
/C=US/ST=Arizona/L=Tucson/O=C & H Software L.L.C./OU=Engineering/CN=zeppo.candhsoftware.com/[EMAIL PROTECTED]
---
SSL handshake has read 1861 bytes and written 298 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-DSS-AES256-SHA
    Session-ID: 28239EBE3C499BDD7E00B2F0FE3A7645E65AC135348B8FE6F4990843579F94F7
    Session-ID-ctx:
    Master-Key: 5651D294B719C6C19FA743A0EE0EC7B1E00F2AD1AD8E70AD072715165690E0AC919193A5148AE24111BCA86433621264
    Key-Arg : None
    Start Time: 1118876232
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 zeppo.candhsoftware.com ESMTP Sendmail 8.13.1/8.13.1; Wed, 15 Jun 2005 15:41:53 -0700 (MST)
helo misato.candhsoftware.com
250 zeppo.candhsoftware.com Hello [65.125.115.243], pleased to meet you
quit
221 2.0.0 zeppo.candhsoftware.com closing connection
closed

I have no idea what the error message in the sendmail log is telling me. Can someone give me a clue what needs to be done?

Thanks in advance,
Andy

--
Andy Clements
C & H Software L.L.C.
[EMAIL PROTECTED]
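
Added example (not part of the original post): a Python sketch that pulls the failed handshake out of the sm-mta lines quoted above, joins it to the peer address by process id, and unpacks the OpenSSL error code 1408A0C1 into its library, function and reason numbers. It assumes the pre-3.0 OpenSSL packing (8-bit library, 12-bit function, 12-bit reason); the names `unpack_err` and `starttls_failures` are illustrative.

```python
import re

# Sample input: the four sm-mta lines from the post, embedded so this runs offline.
SAMPLE_LOG = """\
Jun 15 13:53:41 zeppo sm-mta[17104]: j5FKrfYA017104: Milter: no active filter
Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server: 17104:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:887:
Jun 15 13:53:41 zeppo sm-mta[17104]: j5FKrfYA017104: [65.125.115.243] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

PREFIX = re.compile(r"sm-mta\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# OpenSSL error queue entry: error:<hex code>:<library>:<function>:<reason>:
SSL_ERR = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):(?P<reason>[^:]*):")
PEER = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\] did not issue MAIL")

def unpack_err(code_hex):
    """Split a packed OpenSSL error code into (library, function, reason).
    Assumes the pre-3.0 layout: 8-bit library, 12-bit function, 12-bit reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def starttls_failures(log_text):
    """Return one record per failed server-side handshake, joined by sm-mta
    pid with the peer address sendmail logs when the connection ends."""
    by_pid = {}
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        err = SSL_ERR.search(msg)
        if msg.startswith("STARTTLS=server") and err:
            lib, func, reason = unpack_err(err.group("code"))
            by_pid[pid] = {"pid": pid, "lib": lib, "func": func,
                           "reason": reason, "function": err.group("func"),
                           "text": err.group("reason"), "peer": None}
        peer = PEER.search(msg)
        if peer and pid in by_pid:
            by_pid[pid]["peer"] = peer.group("ip")
    return list(by_pid.values())

if __name__ == "__main__":
    for rec in starttls_failures(SAMPLE_LOG):
        print(rec)
```

Reason 193 in the SSL library is the "no shared cipher" text in the log: the client's ClientHello listed no cipher suite the server could use. A server holding only a DSA certificate can negotiate only DSS suites, such as the DHE-DSS-AES256-SHA that the s_client session above ended up with.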