Bug 61856

Summary: STARTTLS does not work
Product: [Retired] Red Hat Public Beta
Reporter: Per Steinar Iversen <persteinar.iversen>
Component: sendmail
Assignee: Florian La Roche <laroche>
Status: CLOSED NOTABUG
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: skipjack-beta1   
Hardware: i386   
OS: Linux   
Last Closed: 2002-03-26 17:06:38 UTC

Description Per Steinar Iversen 2002-03-25 11:06:15 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311

Description of problem:
Sendmail 8.12.2 supports STARTTLS, but the version distributed with the Skipjack
beta1 has problems, for example there is no /usr/share/ssl/certs/sendmail.pem
created by the sendmail rpm.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. telnet to port 25
2. Say: EHLO something
3. No STARTTLS is listed as an ESMTP option
	

Actual Results:  No STARTTLS is listed as an ESMTP option

Expected Results:  It would be much nicer to see STARTTLS listed.

Additional info:

sendmail seems to be built with STARTTLS support, so this should just be a
configuration issue.

Comment 1 Joe Christy 2002-03-26 17:06:34 UTC
FYI sendmail won't show STARTTLS in response to an EHLO until the proper certs
are installed. It would seem problematic to distribute with some generic certs
for security reasons.

Comment 2 Florian La Roche 2002-03-26 20:30:24 UTC
I also think this should be configured on a local machine if it is wanted.

Thanks,

Florian La Roche


Comment 3 Per Steinar Iversen 2002-03-27 10:38:26 UTC
Similar certificates are generated for Apache and imapd; the security implications would seem
to be about the same as for generating one for sendmail.

I generated a sendmail.pem in the right directory using the Makefile found in
/usr/share/ssl/certs and restarted sendmail, but no STARTTLS appeared.
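
The manual check in the steps to reproduce (connect to port 25, send EHLO, look for STARTTLS) can be scripted so it is repeatable after each configuration change. The following is an added example, not part of the bug report or written by any of its commenters; the sample replies and the host names in them are constructed, and the function names are hypothetical.

```python
import smtplib
import sys

# Constructed sample EHLO replies (not captured from the reporter's machine).
SAMPLE_WITHOUT_TLS = (
    "250-mail.example.test Hello client.example.test, pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-8BITMIME\r\n"
    "250-SIZE\r\n"
    "250 HELP\r\n"
)
SAMPLE_WITH_TLS = SAMPLE_WITHOUT_TLS.replace("250-SIZE", "250-SIZE\r\n250-STARTTLS")


def parse_ehlo(reply):
    """Return the set of ESMTP keywords in a raw multi-line EHLO reply."""
    keywords = set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError("not a successful EHLO reply: %r" % line)
        # The first line is the greeting naming the server, not an extension.
        if index > 0 and text.split():
            keywords.add(text.split()[0].upper())
        if sep != "-":  # "250 " (space) marks the last line of the reply
            break
    return keywords


def advertises_starttls(reply):
    return "STARTTLS" in parse_ehlo(reply)


def check_server(host, port=25, timeout=10):
    """Live version of the telnet check: True if the server offers STARTTLS."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, _ = smtp.ehlo("something")
        if code != 250:
            raise RuntimeError("EHLO rejected with code %d" % code)
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    print("STARTTLS offered:", check_server(sys.argv[1]))
```

Run it with the mail server's host name as the only argument, from a host that is allowed to reach port 25.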