On Tue, Nov 30, 2010 at 12:56:08AM -0500, Victor Duchovni wrote:
> When testing with Postfix 2.7 compiled against OpenSSL 1.0.0a and also
> 1.0.0b with two patches from the upcoming 1.0.0c (due any day now)
> everything is normal. Your OpenSSL is perhaps less fortuitously selected
> than mine.
I get the same (successfully decoded CN) results with 0.9.8p and
Postfix 2.5. I don't have a build of Postfix 2.7 with OpenSSL 0.9.8.
What combination are you using? It sounds like your OpenSSL has a problem
parsing the CN encoding, this happens very far away from Postfix code,
entirely within OpenSSL.
--
Viktor.
