| Summary: | mail-mta/postfix not able to use SHA-256 TLS certificates with dev-libs/openssl-0.9.8n | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Karl-Johan Karlsson <creideiki+gentoo-bugzilla> |
| Component: | [OLD] Server | Assignee: | Net-Mail Packages <net-mail+disabled> |
| Status: | RESOLVED INVALID | | |
| Severity: | major | CC: | mjo, pchrist |
| Priority: | High | Keywords: | Bug |
| Version: | 2006.1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | Patch to add calls to OpenSSL_add_all_algorithms() in src/tls/tls_{server,client}.c. | | |

Description
Karl-Johan Karlsson
2010-04-05 08:03:12 UTC
Created attachment 226605 [details, diff]
Patch to add calls to OpenSSL_add_all_algorithms() in src/tls/tls_{server,client}.c.
I'm hit by this bug too. There is some discussion about it at Debian bugzilla: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573748

(In reply to comment #1)
> Created an attachment (id=226605) [details]
> Patch to add calls to OpenSSL_add_all_algorithms() in
> src/tls/tls_{server,client}.c.

Was asked on postfix-users ML.
Reply: http://marc.info/?l=postfix-users&m=126929279515251&w=2
Whole thread: http://marc.info/?l=postfix-users&m=126858092711015&w=2

I am not sure if patching postfix is the correct solution in this case.

(In reply to comment #3)
> Was asked on postfix-users ML. Reply:
> http://marc.info/?l=postfix-users&m=126929279515251&w=2

Yes, I saw that, but it makes no sense to me. It says "Prior to TLS 1.2, certificates that use SHA-2 are not valid", but my certificate has been working for two years, until I upgraded OpenSSL to 0.9.8n. Did they suddenly realise that they supported something out-of-spec and removed it?

By the way, my web server also has a sha256WithRSAEncryption certificate, but that still works. Even "openssl s_client" has no problems, and reports:

    SSL-Session:
        Protocol : TLSv1
        Cipher : DHE-RSA-AES256-SHA

No TLS 1.2 in sight.

> I am not sure if patching postfix is the correct solution in this case.

Possibly not, but it was the easiest and fastest way to get my mail server back up.

(In reply to comment #4)
> Did they suddenly realise
> that they supported something out-of-spec and removed it?

It is OpenSSL that changed behaviour (between 0.9.8l and 0.9.8m I believe), not postfix. It now handles TLS versions properly. While, strictly speaking, Viktor Dukhovni's "not valid" argument is correct, his refusal to incorporate the workaround into postfix is the surprise here.

Basically, he is trying to point the gun away from your foot. If you are an average postfix user, do not use X509 client certificates for access control. If you know what you are doing, well, do not use X509 client certificates for access control. Just do bilateral key management. And if you really must, you have the patch. PKI is such a mess and is not the way forward. Use public key fingerprints or GSSAPI (especially if you already use Kerberos) if you are looking for something better than username/password. Hence, his refusal.

Anyway, it is not my decision whether to include the patch or not.

(In reply to comment #5)
> Basically, he is trying to point the gun away from your foot. If you are an
> average postfix user, do not use X509 client certificates for access control.

Now I really don't understand. What do client certificates have to do with this bug? I've never used them.

> Use public key fingerprints or
> GSSAPI (especially if you already use kerberos) if you are looking for
> something better than username/password.

Again, I'm not. I'm using username/password over TLS.

(In reply to comment #6)
> Again, I'm not. I'm using username/password over TLS.

My apologies in that case. Somehow misunderstood.

Fixed in openssl snapshot which should become openssl-1.0.1:

--- openssl-1.0.0-stable-SNAP-20100407/ssl/ssl_algs.c 2010-01-19 20:03:58.000000000 +0000 +++ openssl-1.0.0-stable-SNAP-20100408/ssl/ssl_algs.c 2010-04-07 14:02:24.000000000 +0000 
@@ -105,6 +105,14 @@ EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); #endif +#ifndef OPENSSL_NO_SHA256 + EVP_add_digest(EVP_sha224()); + EVP_add_digest(EVP_sha256()); +#endif +#ifndef OPENSSL_NO_SHA512 + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); +#endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);

Can you please check with dev-libs/openssl-1.0.0a which includes the above patch? Thank you.

(In reply to comment #9)
> Can you please check with dev-libs/openssl-1.0.0a which includes the above
> patch?

That seems to work.

This bug is now invalid for both stable and ~arch openssl?

Closing. Not applicable anymore.
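
Review bot: the two added guard blocks in the ssl/ssl_algs.c hunk quoted above (#ifndef OPENSSL_NO_SHA256 and #ifndef OPENSSL_NO_SHA512) carry no comment, while the DSA entry in the trailing context is annotated with /* DSA with sha1 */. Suggest a one-line comment above them stating that the SHA-2 digests are registered so that certificates signed with algorithms such as sha256WithRSAEncryption verify in applications that do not call OpenSSL_add_all_algorithms() themselves, which is the failure this report describes. The comment could also record that SHA-224 sits under the SHA256 guard and SHA-384 under the SHA512 guard, so the pairing is not later mistaken for a typo.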