Le Mon, Mar 16, 2009 at 09:37:44AM -0400, Victor Duchovni a écrit:
> > Mar 16 10:37:40 host postfix/smtpd[27618]: warning: TLS library problem:
> > 27618:error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert
> > already in hash table:x509_lu.c:348:
> Don't list any certificate twice in $smtpd_tls_cert_file or
> $smtpd_tls_CAfile. What are the certificates that appear in the two files?
I don't have any:
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_cert_file = /etc/ssl/nocworld.pem
smtpd_tls_key_file = /etc/ssl/nocworld.pem
nocworld.pem really only contains the crt and key pem.
> > host ~ # openssl s_server -verify 5 -CApath /etc/ssl/certs -cert
> > /etc/ssl/test.pem -key /etc/ssl/test.pem -accept 2525
> Make sure that you don't have duplicate certificate files in
> /etc/ssl/certs, that differ only in the file name, run
> c_rehash(1) to cleanup any stale symlinks.
Already did. Seems either the gentoo certificate pack is wrong,
either there is something else (which I don't believe). Only
thing, I suppose there's no way to ask openssl to check the certs
for dups, *and* tells which ones, if any, are dups ?
$ cp -L /etc/ssl/certs/* /tmp/certs
$ cd /tmp/certs && rm *.0
$ md5sum * | sort | wc -l
143
$ md5sum * | sort | uniq | wc -l
143
Arnaud.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
