Bug 134074 - sendmail is unable to find local issuer certificate for tls
sendmail is unable to find local issuer certificate for tls
Product: Fedora
Classification: Fedora
Component: sendmail (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Depends On:
  Show dependency treegraph
Reported: 2004-09-29 09:32 EDT by Yves Teetzen
Modified: 2008-08-02 19:40 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-10-25 16:08:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Yves Teetzen 2004-09-29 09:32:48 EDT
Description of problem:
when checking the chain of certificates for starttls, sendmail is not 
looking in confCACERT_PATH for hash-linked trusted certificates.

Version-Release number of selected component (if applicable):
rpm-version: sendmail-8.12.10-1.1.1

How reproducible:

Steps to Reproduce:
1.configure sendmail for tls
2.relay mail over provider who requires smtp_auth/tls
3.see logfile and/or watch confCACERT_PATH with dazuko
Actual results:
Logentry, saying, remote cert could not be verified, because local 
issuer cert could not be found.

Expected results:
As issuer cert is trusted, it should be found in confCACERT_PATH, but 
corresponding cert isn't touched by sendmail.

Additional info:
When simulating with openssl s_client and explicitly offering issuer 
cert as CAfile, verification is successful.
Comment 1 Thomas Woerner 2004-10-07 11:03:35 EDT
Please check this with the rawhide package. There was a fix for the
certificate directory of sendmail.
Comment 2 Yves Teetzen 2004-10-07 12:03:11 EDT
Where do I get a package fitting into FC1? Taking the actual 
development package would break several dependencies on my system.
Comment 3 Thomas Woerner 2006-07-11 09:40:48 EDT
Please rebuild from the rawhide SRPM.
Comment 4 John Thacker 2006-10-25 16:08:38 EDT
Closed per above message and lack of response.  Note that FC1 is not even
supported by Fedora Legacy currently.

Note You need to log in before you can comment on or make changes to this bug.