vikas vicky via RT
2012-10-11 14:11:11 UTC
Hello OpenSSL Developers,
I have an issue related to OpenSSL & Sendmail, in which sendmail is not
working with OpenSSL 0.9.8m onwards and so, I want to report this bug.
Though, it works fine with OpenSSL 0.9.8k & OpenSSL 0.9.8l but fails with
OpenSSL 0.9.8m, 0.9.8n etc. (till the latest 0.9.8x).
Please note that nothing has been changed from the configuration point of
view (for both OpenSSL as well as Sendmail) while updating from
OpenSSL 0.9.8k to a version >= 0.9.8m.
I am using the TLS version of sendmail compiled with STARTTLS & the Operating
System being used is AIX.
The Sendmail version is 8.14.4.
The steps to reproduce the issue are as below -
1. stopsrc -s sendmail
2. ln -sf /usr/sbin/sendmail_ssl /usr/lib/sendmail (to make
sure the sendmail binary compiled with STARTTLS, i.e. /usr/sbin/sendmail_ssl,
will be used)
3. startsrc -s sendmail -a "-bd -q30"
4. Now execute the below command on the same machine -
# openssl s_client -starttls smtp -connect localhost:25 -CApath /etc/mail/certs
CONNECTED(00000004)
5243082:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:182: <== Error message.
Also, the following error is being logged in the syslog file -
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server: 5767316:error:140B6044:SSL routines:SSL_GET_SERVER_SEND_CERT:internal error:ssl_lib.c:1991:
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server: 5767316:error:1409A044:SSL routines:SSL3_SEND_SERVER_CERTIFICATE:internal error:s3_srvr.c:2657:
Oct 11 02:07:12 vayu10 mail:info sendmail[5767316]: q9B77C475767316: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
The same setup is working with older OpenSSL versions 0.9.8k & 0.9.8l. I
noticed some major changes in OpenSSL 0.9.8m from the renegotiation point of
view due to CVE-2009-3555.
I debugged this quite a few times & found that the value of
s->s3->tmp.new_cipher is NULL, which should contain the selected Cipher value.
Any help is much appreciated.
=========================
Thanks
Vikas K Vicky
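A log-side check for the failure mode described in this report, added here as an example; it is not part of the reporter's message, of sendmail, or of OpenSSL. It parses sendmail syslog records of the shape quoted in the report, splits each packed OpenSSL error code into its library/function/reason fields (OpenSSL's ERR_PACK layout: 8 bits of library number, 12 bits of function, 12 bits of reason; library 20 is ERR_LIB_SSL, printed as "SSL routines"), and counts STARTTLS=server accept failures per relay so a monitoring job can flag a broken STARTTLS server after a library upgrade. The sample records are constructed to match the report's excerpt, plus one constructed successful-handshake line that the summary must ignore; the function names and data classes are this example's own.

```python
"""Count sendmail STARTTLS=server handshake failures in syslog lines.

Hypothetical helper written for this report; not code from sendmail or
OpenSSL. Sample records below are constructed after the report's excerpt.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple, Union

# OpenSSL packs an error as (lib << 24) | (func << 12) | reason (ERR_PACK);
# library number 20 is ERR_LIB_SSL, shown in error strings as "SSL routines".
ERR_LIB_SSL = 20

# Constructed sample syslog (AIX "facility:priority" style, as in the report).
SAMPLE_SYSLOG = """\
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server: 5767316:error:140B6044:SSL routines:SSL_GET_SERVER_SEND_CERT:internal error:ssl_lib.c:1991:
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server: 5767316:error:1409A044:SSL routines:SSL3_SEND_SERVER_CERTIFICATE:internal error:s3_srvr.c:2657:
Oct 11 02:07:12 vayu10 mail:info sendmail[5767316]: q9B77C475767316: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 11 02:09:40 vayu10 mail:info sendmail[5767400]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
"""

SENDMAIL_RE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT_FAILED_RE = re.compile(
    r"STARTTLS=server, error: accept failed=(?P<ret>-?\d+), "
    r"SSL_error=(?P<ssl_error>-?\d+), errno=(?P<errno>-?\d+), "
    r"retry=(?P<retry>-?\d+), relay=(?P<relay>.+)$"
)
# pid:error:<8 hex digits>:<lib>:<func>:<reason>:<file>:<line>:
OPENSSL_ERR_RE = re.compile(
    r"(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)


@dataclass
class StartTlsEvent:
    pid: int
    kind: str                      # "accept_failed" or "ssl_error"
    relay: Optional[str] = None    # peer, for accept_failed events
    code: Optional[int] = None     # packed OpenSSL error code
    func: Optional[str] = None
    reason: Optional[str] = None


def decode_err_code(code: Union[int, str]) -> Tuple[int, int, int]:
    """Split a packed OpenSSL error code into (library, function, reason)."""
    if isinstance(code, str):
        code = int(code, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def parse_starttls_events(lines: Iterable[str]) -> List[StartTlsEvent]:
    """Extract STARTTLS=server failure records; other sendmail lines are skipped."""
    events: List[StartTlsEvent] = []
    for line in lines:
        m = SENDMAIL_RE.search(line)
        if not m:
            continue
        pid, msg = int(m.group("pid")), m.group("msg")
        a = ACCEPT_FAILED_RE.search(msg)
        if a:
            events.append(StartTlsEvent(pid, "accept_failed",
                                        relay=a.group("relay").strip()))
            continue
        if msg.startswith("STARTTLS=server:"):
            e = OPENSSL_ERR_RE.search(msg)
            if e:
                events.append(StartTlsEvent(pid, "ssl_error",
                                            code=int(e.group("code"), 16),
                                            func=e.group("func"),
                                            reason=e.group("reason")))
    return events


def summarize(lines: Iterable[str]) -> Dict[str, object]:
    """Per-relay accept-failure counts plus a breakdown of OpenSSL reasons."""
    events = parse_starttls_events(lines)
    accept_failures = Counter(ev.relay for ev in events if ev.kind == "accept_failed")
    reasons = Counter(ev.reason for ev in events if ev.kind == "ssl_error")
    ssl_lib_errors = sum(1 for ev in events
                         if ev.kind == "ssl_error"
                         and decode_err_code(ev.code)[0] == ERR_LIB_SSL)
    return {"accept_failures": dict(accept_failures),
            "reasons": dict(reasons),
            "ssl_lib_errors": ssl_lib_errors}


if __name__ == "__main__":
    print(summarize(SAMPLE_SYSLOG.splitlines()))
```

Feeding a live syslog through `summarize` after an OpenSSL upgrade gives a quick signal: a non-empty `accept_failures` with `reasons` of "internal error" from the SSL library, while the successful `STARTTLS=server, relay=..., cipher=...` lines are ignored, is the pattern the report shows.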