From owner-freebsd-net  Mon Feb  3 15:37:53 2003
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id F3E4337B401; Mon,  3 Feb 2003 15:37:52 -0800 (PST)
Received: from horsey.gshapiro.net (horsey.gshapiro.net [64.105.95.154])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 78D0443F75; Mon,  3 Feb 2003 15:37:52 -0800 (PST)
	(envelope-from gshapiro@gshapiro.net)
Received: from horsey.gshapiro.net (gshapiro@localhost [IPv6:::1])
	by horsey.gshapiro.net (8.12.8/8.12.8) with ESMTP id h13NbZQV030003
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Mon, 3 Feb 2003 15:37:35 -0800 (PST)
Received: (from gshapiro@localhost)
	by horsey.gshapiro.net (8.12.8/8.12.8/Submit) id h13NbXVO030000;
	Mon, 3 Feb 2003 15:37:33 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15934.64829.7599.255287@horsey.gshapiro.net>
Date: Mon, 3 Feb 2003 15:37:33 -0800
From: Gregory Neil Shapiro <gshapiro@FreeBSD.org>
To: Mikhail Teterin <mi+mx@aldan.algebra.com>
Cc: questions@FreeBSD.org, net@FreeBSD.org
Subject: Re: sendmail and SSL-based relaying
In-Reply-To: <200302031755.37824.mi+mx@aldan.algebra.com>
References: <200302031755.37824.mi+mx@aldan.algebra.com>
X-Mailer: VM 7.07 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

mi+mx> I set things up once some time ago for one of my machines to relay
mi+mx> e-mail from another -- based on SSL-certificate presented. I'm my
mi+mx> own issuer. The setup was working for a while, but broke recently --
mi+mx> the relay-to-be now rejects relaying, even though it verifies the
mi+mx> certificate Ok.

Does it actually verify it as ok or are you using the logging you gave to
assume it is ok?  It was just showing the subject and issuer, not the
validity.  The first thing I would check is to make sure the CA cert and
user cert are not expired.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message