[Postfixbuch-users] TLS library problem

Patrick Ben Koetter p at state-of-mind.de
Do Jun 30 18:22:02 CEST 2005


* Jim Knuth <jk at jkart.de>:
> Hallo und guten Tag Patrick,
> 
> Heute (am 30.06.2005 - 17:17 Uhr)
>    schriebst Du: 
> 
> > Hmmm, ist denn nicht der Client inzwischen das Problem? Dann brauchen wir die
> > Ausgabe im Moment nicht. Hast Du mal einen anderen Client getestet? Ich wuerde
> > das gerne auf eine Problem-Zone ;) festnageln...
> 
> 
> JETZT hab ich doch Fehler. Sehr merkwürdig.
>     
> Virus free. Checked by NOD32 Version 1.1158 Update 29.06.2005
> server1:~# openssl s_client -starttls smtp -CApath /etc/postfix/certs/ -connect localhost:25
> CONNECTED(00000003)
> depth=0 /C=DE/ST=Sachsen-Anhalt/L=Dessau/O=ARTdomains/OU=Hosting/CN=mail.server1.art-domains.de/emailAddress=hostmaster at art-domains.de
> verify error:num=20:unable to get local issuer certificate

Kann es sein, dass Dein Postfix noch das alte CA-cert vorlegt und das neue
noch nicht hat?

p at rick




> verify return:1
> depth=0 /C=DE/ST=Sachsen-Anhalt/L=Dessau/O=ARTdomains/OU=Hosting/CN=mail.server1.art-domains.de/emailAddress=hostmaster at art-domains.de
> verify error:num=26:unsupported certificate purpose
> verify return:1
> depth=0 /C=DE/ST=Sachsen-Anhalt/L=Dessau/O=ARTdomains/OU=Hosting/CN=mail.server1.art-domains.de/emailAddress=hostmaster at art-domains.de
> verify error:num=21:unable to verify the first certificate
> verify return:1
> ---
> Certificate chain
>  0 s:/C=DE/ST=Sachsen-Anhalt/L=Dessau/O=ARTdomains/OU=Hosting/CN=mail.server1.art-domains.de/emailAddress=hostmaster at art-domains.de
>    i:/C=DE/ST=Sachsen-Anhalt/L=Dessau/O=ARTdomains/OU=Hosting/CN=mail.server1.art-domains.de/emailAddress=hostmaster at art-domains.de
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIEVzCCA8CgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBrjELMAkGA1UEBhMCREUx
> FzAVBgNVBAgTDlNhY2hzZW4tQW5oYWx0MQ8wDQYDVQQHEwZEZXNzYXUxEzARBgNV
> BAoTCkFSVGRvbWFpbnMxEDAOBgNVBAsTB0hvc3RpbmcxJDAiBgNVBAMTG21haWwu
> c2VydmVyMS5hcnQtZG9tYWlucy5kZTEoMCYGCSqGSIb3DQEJARYZaG9zdG1hc3Rl
> ckBhcnQtZG9tYWlucy5kZTAeFw0wNTA2MzAxNTE4NDJaFw0wODA2MjkxNTE4NDJa
> MIGuMQswCQYDVQQGEwJERTEXMBUGA1UECBMOU2FjaHNlbi1BbmhhbHQxDzANBgNV
> BAcTBkRlc3NhdTETMBEGA1UEChMKQVJUZG9tYWluczEQMA4GA1UECxMHSG9zdGlu
> ZzEkMCIGA1UEAxMbbWFpbC5zZXJ2ZXIxLmFydC1kb21haW5zLmRlMSgwJgYJKoZI
> hvcNAQkBFhlob3N0bWFzdGVyQGFydC1kb21haW5zLmRlMIGfMA0GCSqGSIb3DQEB
> AQUAA4GNADCBiQKBgQCpVh0bgVtJl1Wqfj6y4D9RFXkbBvPiB6RE54kby+GL2nMc
> 9D0dexmhChZlmrLHEwczeze6onbpbh0nJhb35paJbiomEKawNC1JM2ThZLCTFmi5
> n9u1jZH9DI9BhDDP3WJJcs+d46tPLM2qOSt9IPBL3jaJJ8tbAeZV5pBR6aaYdwID
> AQABo4IBgTCCAX0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwLAYJYIZI
> AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
> BBQ/J+1EDctBXoVmat7koalqmnxDfzCB4wYDVR0jBIHbMIHYgBT9OKuTl1tsAfrC
> xXutEYrUPrKvl6GBtKSBsTCBrjELMAkGA1UEBhMCREUxFzAVBgNVBAgTDlNhY2hz
> ZW4tQW5oYWx0MQ8wDQYDVQQHEwZEZXNzYXUxEzARBgNVBAoTCkFSVGRvbWFpbnMx
> EDAOBgNVBAsTB0hvc3RpbmcxJDAiBgNVBAMTG21haWwuc2VydmVyMS5hcnQtZG9t
> YWlucy5kZTEoMCYGCSqGSIb3DQEJARYZaG9zdG1hc3RlckBhcnQtZG9tYWlucy5k
> ZYIJAPv+EZvk2bZGMCoGCWCGSAGG+EIBDAQdFhttYWlsLnNlcnZlcjEuYXJ0LWRv
> bWFpbnMuZGUwDQYJKoZIhvcNAQEEBQADgYEANiyllGhFvkb0HHWQkX2fF8hQMuqT
> PitT+ad9Q7wN32il9Wa9DuIo5S/25565U/lwCKgRW3s+5QRtSPqxMDKA3XqAB8Dw
> olR7f+i5Qgz3yJ5tQ4wmuIRsuul2pHTBDEcXy0M1Agb6E/qnDIIx9OOHnSVJdqgu
> Vn05fEP2GObj5/E=
> -----END CERTIFICATE-----
> subject=/C=DE/ST=Sachsen-Anhalt/L=Dessau/O=ARTdomains/OU=Hosting/CN=mail.server1.art-domains.de/emailAddress=hostmaster at art-domains.de
> issuer=/C=DE/ST=Sachsen-Anhalt/L=Dessau/O=ARTdomains/OU=Hosting/CN=mail.server1.art-domains.de/emailAddress=hostmaster at art-domains.de
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1750 bytes and written 342 bytes
> ---
> New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
> Server public key is 1024 bit
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : EDH-RSA-DES-CBC3-SHA
>     Session-ID: FEE6F8E6C38A6785D5BA0E14AE2E96CF751A5C6C05628855CC80B15453B6CC35
>     Session-ID-ctx:
>     Master-Key: 2765A994BC1B85ED7EE30E9975FD048FD29F6B669FDE1D4CDB248D90093C6B628D98E5B680643B9EC5B7B14A2E9FE4FF
>     Key-Arg   : None
>     Start Time: 1120147249
>     Timeout   : 300 (sec)
>     Verify return code: 21 (unable to verify the first certificate)
> ---
> 220 server1.art-domains.de ESMTP AMaVis-Postfix
> quit
> 221 2.0.0 Bye
> read:errno=0
> server1:~#

> -- 
> _______________________________________________
> Postfixbuch-users mailingliste
> Heinlein Professional Linux Support GmbH
> 
> Postfixbuch-users at listi.jpberlin.de
> http://listi.jpberlin.de/mailman/listinfo/postfixbuch-users

-- 
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>



Mehr Informationen über die Mailingliste Postfixbuch-users