Debian Bug report logs - #579563
sendmail-bin: does not load all signature algorithms for TLS

Package: sendmail-bin; Maintainer for sendmail-bin is Jakub Safarik <jsafarik@ymail.com>; Source for sendmail-bin is src:sendmail.

Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>

Date: Wed, 28 Apr 2010 16:51:02 UTC

Severity: important

Found in version sendmail/8.14.3-9.1

Report forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>:
Bug#579563; Package sendmail-bin. (Wed, 28 Apr 2010 16:51:05 GMT)

Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
New Bug report received and forwarded. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>. (Wed, 28 Apr 2010 16:51:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: sendmail-bin: does not load all signature algorithms for TLS
Date: Wed, 28 Apr 2010 16:49:09 +0000
Package: sendmail-bin
Version: 8.14.3-9.1
Severity: important

Sendmail logs the following:

Apr 28 03:02:04 castro sm-mta[3225]: NOQUEUE: connect from localhost [127.0.0.1]
Apr 28 03:02:04 castro sm-mta[3225]: o3S324GI003225: Milter (mimedefang): init success to negotiate
Apr 28 03:02:04 castro sm-mta[3225]: o3S324GI003225: Milter: connect to filters
Apr 28 03:02:04 castro sendmail[3224]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS=read: 3225:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS: read error=generic SSL error (-1), errno=11, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=1

This appears to be because the certificate used for localhost uses
sha512 as a message digest.  Sendmail does not call
OpenSSL_add_all_algorithms(), which causes OpenSSL not to find the
relevant algorithms.  You can see the relevant OpenSSL bug report at
<http://rt.openssl.org/Ticket/Display.html?id=2197&user=guest&pass=guest>.

Sendmail should probably call OpenSSL_add_all_algorithms().

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
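
Added example, not part of the original report or of sendmail: a log check that finds processes hitting this failure by matching the OpenSSL error-queue entry whose reason is "unknown message digest algorithm" and pairing it with the following STARTTLS read error from the same PID. The regular expressions and the function name find_digest_failures are assumptions of this example; the sample lines are copied from the report above.

```python
import re

# Sample input: four of the log lines quoted in the report above.
SAMPLE_LOG = """\
Apr 28 03:02:04 castro sm-mta[3225]: NOQUEUE: connect from localhost [127.0.0.1]
Apr 28 03:02:04 castro sendmail[3224]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS=read: 3225:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:
Apr 28 03:02:04 castro sm-mta[3225]: STARTTLS: read error=generic SSL error (-1), errno=11, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=1
"""

# syslog prefix: timestamp, host, program[pid], then the message text
SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
# OpenSSL error-queue entry: pid:error:code:library:function:reason:file:line:
OSSL_ERR = re.compile(
    r"\d+:error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):")
DIGEST_REASON = "unknown message digest algorithm"


def find_digest_failures(log_text):
    """Return one finding per process that logged the unknown-digest error."""
    findings = {}
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # not a syslog-formatted line
        when, host, prog, pid, msg = m.groups()
        key = (host, prog, pid)
        err = OSSL_ERR.search(msg)
        if err and err.group(4) == DIGEST_REASON:
            findings[key] = {
                "time": when, "host": host, "process": prog, "pid": int(pid),
                "code": err.group(1), "function": err.group(3),
                "source": f"{err.group(5)}:{err.group(6)}",
                "handshake_aborted": False,
            }
        elif key in findings and msg.startswith("STARTTLS: read error"):
            # Same process reported the TLS read failing after the digest error.
            findings[key]["handshake_aborted"] = True
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_digest_failures(SAMPLE_LOG):
        print(finding)
```
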

Changed Bug submitter to '"brian m. carlson" <sandals@crustytoothpaste.net>' from '"brian m. carlson" <sandals@crustytoothpaste.ath.cx>' Request was from "brian m. carlson" <sandals@crustytoothpaste.net> to control@bugs.debian.org. (Thu, 03 Feb 2011 20:52:06 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 11:45:10 2014; Machine Name: beach.debian.org
