Bug 134074

Summary: sendmail is unable to find local issuer certificate for tls
Product: [Fedora] Fedora Reporter: Yves Teetzen <bugzilla>
Component: sendmailAssignee: Thomas Woerner <twoerner>
Status: CLOSED INSUFFICIENT_DATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 1   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-10-25 20:08:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yves Teetzen 2004-09-29 13:32:48 UTC 
Description of problem:
when checking the chain of certificates for starttls, sendmail is not 
looking in confCACERT_PATH for hash-linked trusted certificates.

Version-Release number of selected component (if applicable):
rpm-version: sendmail-8.12.10-1.1.1

How reproducible:
always

Steps to Reproduce:
1.configure sendmail for tls
2.relay mail over provider who requires smtp_auth/tls
3.see logfile and/or watch confCACERT_PATH with dazuko
  
Actual results:
Logentry, saying, remote cert could not be verified, because local 
issuer cert could not be found.

Expected results:
As issuer cert is trusted, it should be found in confCACERT_PATH, but 
corresponding cert isn't touched by sendmail.

Additional info:
When simulating with openssl s_client and explicitly offering issuer 
cert as CAfile, verification is successful.
Comment 1 Thomas Woerner 2004-10-07 15:03:35 UTC 
Please check this with the rawhide package. There was a fix for the
certificate directory of sendmail.
Comment 2 Yves Teetzen 2004-10-07 16:03:11 UTC 
Where do I get a package fitting into FC1? Taking the actual 
development package would break several dependencies on my system.
Comment 3 Thomas Woerner 2006-07-11 13:40:48 UTC 
Please rebuild from the rawhide SRPM.
Comment 4 John Thacker 2006-10-25 20:08:38 UTC 
Closed per above message and lack of response.  Note that FC1 is not even
supported by Fedora Legacy currently.