Is anyone here successfully using self-signed server certificates in
combination with openssl 0.9.8m? I just upgraded from 0.9.8k and I am
getting these errors whenever a starttls is received:

Mar 14 08:47:04 majoron postfix/smtpd[31776]: SSL_accept:error in SSLv3 read client certificate A
Mar 14 08:47:04 majoron postfix/smtpd[31776]: SSL_accept error from 82-171-xxx-yyy.ip.telfort.nl[82.171.xxx.yyy]: -1
Mar 14 08:47:04 majoron postfix/smtpd[31776]: warning: TLS library problem: 31776:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:

This is all over port 25 with STARTTLS. Port 465 works just fine.
I upgraded postfix from 2.5.5 to 2.6.5 but the issue remains. My postfix
configuration has not changed when these errors started occurring:
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_CAfile = /etc/ssl/certs/vdberg.org.ca.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 0
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573748
Richard
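
Added example, not part of the original post: a small parser for the "TLS library problem" line quoted above, splitting the OpenSSL error-queue text into its fields and unpacking the hex code so repeated handshake failures can be grouped by function and reason. The function names are hypothetical, and the 8/12/12-bit layout is the one used by OpenSSL releases before 3.0.

```python
import re

# Log line copied from the post above, with the mail client's line wrapping undone.
SAMPLE = (
    "Mar 14 08:47:04 majoron postfix/smtpd[31776]: warning: TLS library "
    "problem: 31776:error:0D0C50A1:asn1 encoding "
    "routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:"
)

# OpenSSL error-queue text: pid:error:<hex code>:<library>:<function>:<reason>:<file>:<line>:
ERR_RE = re.compile(
    r"TLS library problem: (?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)


def parse_tls_problem(log_line):
    """Return the OpenSSL error fields from a Postfix warning line, or None."""
    m = ERR_RE.search(log_line)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    return {
        "pid": int(m.group("pid")),
        "code": m.group("code").upper(),
        # Pre-3.0 OpenSSL packs the code as 8 bits library, 12 bits function, 12 bits reason.
        "lib_num": (code >> 24) & 0xFF,
        "func_num": (code >> 12) & 0xFFF,
        "reason_num": code & 0xFFF,
        "library": m.group("lib"),
        "function": m.group("func"),
        "reason": m.group("reason"),
        "source": "%s:%s" % (m.group("file"), m.group("line")),
    }


def summarize(lines):
    """Count TLS library problems per (function, reason) pair, skipping other lines."""
    counts = {}
    for line in lines:
        rec = parse_tls_problem(line)
        if rec:
            key = (rec["function"], rec["reason"])
            counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    print(parse_tls_problem(SAMPLE))
```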