Red Hat Bugzilla – Bug 134074
sendmail is unable to find local issuer certificate for tls
Last modified: 2008-08-02 19:40:32 EDT
Description of problem:
when checking the chain of certificates for starttls, sendmail is not
looking in confCACERT_PATH for hash-linked trusted certificates.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.configure sendmail for tls
2.relay mail over provider who requires smtp_auth/tls
3.see logfile and/or watch confCACERT_PATH with dazuko
Logentry, saying, remote cert could not be verified, because local
issuer cert could not be found.
As issuer cert is trusted, it should be found in confCACERT_PATH, but
corresponding cert isn't touched by sendmail.
When simulating with openssl s_client and explicitly offering issuer
cert as CAfile, verification is successful.
Please check this with the rawhide package. There was a fix for the
certificate directory of sendmail.
Where do I get a package fitting into FC1? Taking the actual
development package would break several dependencies on my system.
Please rebuild from the rawhide SRPM.
Closed per above message and lack of response. Note that FC1 is not even
supported by Fedora Legacy currently.