Richard van den Berg wrote:
> Is anyone here successfully using self signed server certificates in
> combination with openssl 0.9.8m ? I just upgraded from 0.9.8k and I am
> getting these errors whenever a starttls is received:
>

works on FreeBSD:

$ uname
FreeBSD
$ postconf mail_version
mail_version = 2.8-20100213
$ postconf mail_version
mail_version = 2.8-20100213

Didn't try on Debian yet. Try rebuilding postfix and see if the problem persists (if you used a package, see if you need to get a new one...).

> Mar 14 08:47:04 majoron postfix/smtpd[31776]: SSL_accept:error in SSLv3
> read client certificate A
> Mar 14 08:47:04 majoron postfix/smtpd[31776]: SSL_accept error from
> 82-171-xxx-yyy.ip.telfort.nl[82.171.xxx.yyy]: -1
> Mar 14 08:47:04 majoron postfix/smtpd[31776]: warning: TLS library
> problem: 31776:error:0D0C50A1:asn1 encoding
> routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:
>
> This is all over port 25 with STARTTLS. Port 465 works just fine.
>
> I upgraded postfix from 2.5.5 to 2.6.5 but the issue remains. My postfix
> configuration has not changed when these errors started occurring:
>
> smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
> smtpd_tls_CAfile = /etc/ssl/certs/vdberg.org.ca.pem
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_tls_received_header = yes
> smtpd_tls_loglevel = 0
>
> See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573748
>
> Richard
>