
291296 Re: TLS Library Problem? Postfix 2.9.6

  • weber@...
    Feb 11, 2013
      On 2013-02-12 01:07, Wietse Venema wrote:
      > weber@...:
      >> Feb 11 22:52:52 fallbackhost postfix/smtp[18823]: warning: TLS library problem: 18823:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:rsa_sign.c:127:
      >> Feb 11 22:52:52 fallbackhost postfix/smtp[18823]: warning: TLS library problem: 18823:error:14099006:SSL routines:SSL3_SEND_CLIENT_VERIFY:EVP lib:s3_clnt.c:2983:
      >
      > The TLS library (i.e. OpenSSL) is not part of Postfix, so this may
      > be the wrong mailing list.
      >
      > What does
      >
      > $ openssl s_client -starttls smtp -connect servername:25


      openssl s_client -starttls smtp -connect mail.domain.de:25

      CONNECTED(00000003)
      depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
      verify error:num=20:unable to get local issuer certificate
      verify return:0
      ---
      Certificate chain
       0 s:/O=mail.domain.de/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=mail.domain.de
         i:/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
       1 s:/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
         i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
       2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
         i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@...
      ---
      Server certificate
      subject=/O=mail.domain.de/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=mail.domain.de
      issuer=/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
      ---
      Acceptable client certificate CA names
      /C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
      /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
      ---
      SSL handshake has read 4609 bytes and written 504 bytes
      ---
      New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
      Server public key is 2048 bit
      Secure Renegotiation IS supported
      Compression: zlib compression
      Expansion: zlib compression
      SSL-Session:
      Protocol : TLSv1.2
      Cipher : ECDHE-RSA-AES256-GCM-SHA384
      Session-ID: 01A34AF6F2586EFB5FCF8A4860FF9D13607FAE8BF2774587801985C6E5106C13
      Session-ID-ctx:
      Master-Key: 09925141BD917D5E098A9BB18B8B547C732E6A38564CEEF3DAA18ECE963E24E7767D786E1276A117D13CAB5343C3B87C
      Key-Arg : None
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      TLS session ticket lifetime hint: 3600 (seconds)
      TLS session ticket:

      Compression: 1 (zlib compression)
      Start Time: 1360631194
      Timeout : 300 (sec)
      Verify return code: 20 (unable to get local issuer certificate)
      ---
      250 8BITMIME
      quit
      221 2.0.0 Bye
      closed



      >
      > have to say about this?
      >
      > Wietse