--On Sunday, March 14, 2010 4:34 PM +0100 Richard van den Berg <rich...@vdberg.org> wrote:

Is anyone here successfully using self signed server certificates in
combination with openssl 0.9.8m ? I just upgraded from 0.9.8k and I am
getting these errors whenever a starttls is received:

This is all over port 25 with STARTTLS. Port 465 works just fine.

We use self-signed certs with Postfix, and StartTLS on port 25 works just fine. Postfix is linked against OpenSSL 0.9.8m for us.


[r...@xxx ~]# openssl s_client -starttls smtp -connect xxx.yyyyy.lab:25
CONNECTED(00000003)
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=xxx.yyyyy.lab
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=xxx.yyyyy.lab
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=xxx.yyyyy.lab
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=xxx.yyyyy.lab
  i:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=xxx.yyyyy.lab
---
Server certificate
-----BEGIN CERTIFICATE-----
[snip]
-----END CERTIFICATE-----
subject=/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=xxx.yyyyy.lab
issuer=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=xxx.yyyyy.lab
---
No client certificate CA names sent
---
SSL handshake has read 1303 bytes and written 350 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
   Protocol  : TLSv1
   Cipher    : DHE-RSA-AES256-SHA
   Session-ID: 10786FD7E289B2F44199073EFD261DCB3E6872D72222A947E1273797D71A862F
   Session-ID-ctx:
   Master-Key: 6C85BE60B6EB202E669666E86D267CE7E0BE071081A75387FFC2CA52352B8AF738BA1F419CC160EADB87F48E79B723DF
   Key-Arg   : None
   Krb5 Principal: None
   Start Time: 1268646464
   Timeout   : 300 (sec)
   Verify return code: 21 (unable to verify the first certificate)
---
220 xxx.yyyyy.lab ESMTP Postfix
ehlo
501 Syntax: EHLO hostname
ehlo xxx.yyyyy.lab
250-xxx.yyyyy.lab
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
554 5.5.1 Error: TLS already active
mail from:p...@xxx.yyyyy.lab
250 2.1.0 Ok
rcpt to:p...@xxx.yyyyy.lab
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject:StartTLS test
Hi this is a StartTLS test
and this one is the test mail
.
250 2.0.0 Ok: queued as DAF6C48407C
QUIT
DONE
[r...@xxx ~]#


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
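
An added example (not part of the original message, and not OpenSSL or Postfix code): a small Python parser for `openssl s_client` output like the session above, reporting the verify errors, whether the handshake completed, and whether the subject and issuer DNs match. The sample transcript and its `mail.example.test` names are constructed, and the parser assumes unwrapped output lines.

```python
import re

# Constructed sample: abridged `openssl s_client -starttls smtp` output in the
# same shape as the session above (hostname and DN values are placeholders).
SAMPLE = """\
depth=0 /C=US/O=Example/CN=mail.example.test
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate
subject=/C=US/O=Example/CN=mail.example.test
issuer=/C=US/L=N/A/O=Example/CN=mail.example.test
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 21 (unable to verify the first certificate)
"""

def parse_s_client(text):
    """Extract the verification-relevant fields from s_client output."""
    def first(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else None
    code = first(r"^\s*Verify return code:\s*(\d+)")
    return {
        "errors": [(int(n), msg.strip()) for n, msg in
                   re.findall(r"^verify error:num=(\d+):(.*)$", text, re.M)],
        "subject": first(r"^subject=(.*)$"),
        "issuer": first(r"^issuer=(.*)$"),
        "protocol": first(r"^\s*Protocol\s*:\s*(\S+)"),
        "cipher": first(r"^\s*Cipher\s*:\s*(\S+)"),
        "verify_code": int(code) if code is not None else None,
    }

def assess(info):
    """Summarise what the client actually established about the server."""
    notes = []
    if info["protocol"] and info["cipher"]:
        notes.append("handshake completed: %s %s" % (info["protocol"], info["cipher"]))
    if info["verify_code"] == 0:
        notes.append("chain verified against the client's trust store")
    else:
        notes.append("certificate NOT verified (code %s): encrypted but unauthenticated"
                     % info["verify_code"])
    if info["subject"] and info["issuer"]:
        same = info["subject"] == info["issuer"]
        notes.append("subject == issuer" if same else "subject != issuer (issued by a separate CA DN)")
    return notes

if __name__ == "__main__":
    print("\n".join(assess(parse_s_client(SAMPLE))))
```

A completed handshake with a non-zero verify return code means the session is encrypted but the server's identity was not checked against any trust anchor.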
