On Sat, Oct 31, 2015 at 12:05:29PM -0400, David Mehler wrote:
> I am using self-signed certificates via my own CA if that matters.
A certificate is either self-signed, or issued by a CA. Which is it?
> Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: SSL_accept error from
> localhost[::1]: 0
> Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: warning: TLS library
> problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
> ca:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1300:SSL
> alert number 48:
TLS "alerts" are messages from the remote TLS stack to the local
TLS stack. It is the client does not trust the server certificate
and hangs up. The server just logs the client's reason for aborting
the connection.
> I'm not sure the CA it's refering to.
The issuer of the server certificate.
> I do have my CA's public
> certificate defined in smtpd_tls_CAfile and have the smtp client
> defining smtp_tls_CAfile as the same file as the smtpd server.
The client does not trust the server certificate.
--
Viktor.
