Loading ...
Sorry, an error occurred while loading the content.
 

Re: Upgrade 2.5.4

Expand Messages
  • Linux Addict
    ... Victor, I see these message after upgrade and in fact its RHEL4 w/ openssl-0.9.7a-43.17.el4_6.1 Nov 3 12:02:11 MXHOST postfix/smtp[6209]: certificate
    Message 1 of 10 , Nov 3, 2010
      On Wed, Nov 3, 2010 at 4:48 AM, Terry Kemp <tkemp@...> wrote:
      On 11/3/10, Linux Addict <linuxaddict7@...> wrote:
      > On Tue, Nov 2, 2010 at 1:31 PM, Wietse Venema <wietse@...> wrote:
      >
      >> Linux Addict:
      >> > >> > If the package is not well constructed:
      >> > >> >
      >> > >> >       Read the RELEASE_NOTES file for 2.6 and 2.7, then:
      >> > >> >
      >> > >> >       # postfix stop
      >> > >> >
      >> > >> >       # mkdir -p /etc/postfix/cfsavedir
      >> > >> >       # cp /etc/postfix/main.cf /etc/postfix/master.cf \
      >> > >> >               /etc/postfix/cfsavedir/
      >> > >> >
      >> > >> >       # some-command-to-install-updated-poorly-constructed-package
      >> > >> >
      >> > >> >       # cp /etc/postfix/cfsavedir/main.cf /etc/postfix/cfsavedir/
      >> > >> master.cf \
      >> > >> >               /etc/postfix/
      >> > >> >       # postfix set-permissions upgrade-configuration
      >> > >> >
      >> > >> >       # postfix start
      >> > >> >
      >> > >> > A package is not well contstructed if it fails to preserve and
      >> upgrade
      >> > >> > your existing main.cf and master.cf files.
      >> > >> >
      >> > >>
      >> > >>
      >> > > Thanks Victor. Reading from 2.6 releasing notes, it looks like postfix
      >> > > changed how multiple instances are handled. I am going to test on
      >> sandbox.
      >> >
      >> > Sorry about beating the dead horse, but just came to know that there are
      >> few
      >> > 2.2 postfix instances which needs to upgraded to 2.7  as well. Does
      >> upgrade
      >> > stands true for 2.2 to 2.7 or install a clean 2.7 and just port the
      >> postconf
      >> > -n will suffice?
      >>
      >> No. The config files need to be upgraded, not overwritten.
      >>
      >> If you install clean 2.7, then follow instructions above as with
      >> "not well constructed package", i.e. save the config files, install
      >> Postfix, restore the config files and do "postfix set-permissions
      >> upgrade-configuration".
      >>
      >>        Wietse
      >>
      >
      >
      > Awsome, thank you. Testing the upgrade from 2.2 to 2.7.
      >

      --
      Sent from my mobile device

      Victor,  I see these message after upgrade and in fact its RHEL4 w/ openssl-0.9.7a-43.17.el4_6.1

      Nov  3 12:02:11 MXHOST postfix/smtp[6209]: certificate verification failed for MXHOST-1[10.46.200.23]:25: untrusted issuer /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
      Nov  3 12:02:11 MXHOST postfix/smtp[6209]: warning: tls_text_name: MXHOST-1[10.46.200.23]:25: error decoding peer subject CN of ASN.1 type=12
      Nov  3 12:02:11 MXHOST postfix/smtp[6209]: warning: TLS library problem: 6209:error:0D07A0A0:asn1 encoding routines:ASN1_mbstring_copy:unknown format:a_mbstr.c:142:

      I see your patch "coded_CN_buf = vstring_alloc(strlen(CN) + 1); \" on  http://www.mailinglistarchive.com/postfix-users@.../msg35241.html which already in place for 2.7.1.

      I know its not postfix issue, cause I was getting cert error even before upgrade, but "TLS Library Problem" is an additional error after the upgrade.


      Cheers.



    • Victor Duchovni
      ... I don t know what fixes RedHat backports to OpenSSL 0.9.7, but this is rather an anciennt and otherwise unsupported version of OpenSSL. I would not even
      Message 2 of 10 , Nov 3, 2010
        On Wed, Nov 03, 2010 at 12:21:20PM -0400, Linux Addict wrote:

        > Victor, I see these message after upgrade and in fact its RHEL4
        > w/ openssl-0.9.7a-43.17.el4_6.1

        I don't know what fixes RedHat backports to OpenSSL 0.9.7, but this is
        rather an anciennt and otherwise unsupported version of OpenSSL. I would
        not even recommend 0.9.8 at this point. You really should be using 1.0.0a.

        That said.

        > Nov 3 12:02:11 MXHOST postfix/smtp[6209]: certificate verification failed
        > for MXHOST-1[10.46.200.23]:25: untrusted issuer /C=US/O=The Go Daddy Group,
        > Inc./OU=Go Daddy Class 2 Certification Authority

        harmless.

        > Nov 3 12:02:11 MXHOST postfix/smtp[6209]: warning: tls_text_name:
        > MXHOST-1[10.46.200.23]:25: error decoding peer subject CN of ASN.1 type=12

        Harmless. OMG, somebody on the Internet has a malformed certificate. :-)

        > Nov 3 12:02:11 MXHOST postfix/smtp[6209]: warning: TLS library problem:
        > 6209:error:0D07A0A0:asn1 encoding routines:ASN1_mbstring_copy:unknown
        > format:a_mbstr.c:142:

        Ditto.

        > I know its not postfix issue, cause I was getting cert error even before
        > upgrade, but "TLS Library Problem" is an additional error after the upgrade.

        Nothing to worry about. I expect the message was delivered despite
        the warnings.

        --
        Viktor.
      Your message has been successfully submitted and would be delivered to recipients shortly.