wim <[email protected]> writes:

> Hi everybody,
>
> I have this weird issue.
> I can read the mails with mutt on openbsd but when I want to send I
> get this message from the mutt log:
> [2022-07-08 14:33:16]<M> mutt_send_message() Sending message...
> [2022-07-08 14:33:16]<M> raw_socket_open() Looking up mail.thinkerwim.org...
> [2022-07-08 14:33:16]<M> raw_socket_open() Connecting to mail.thinkerwim.org...
> [2022-07-08 14:33:16]<E> ssl_negotiate() SSL failed: error:14FFF086:SSL routines:(UNKNOWN)SSL_internal:certificate verify failed
> [2022-07-08 14:33:16]<E> smtp_open() Could not negotiate TLS connection
>
> From the OPENSMTPD maillog I find this
> Jul  8 14:33:16 thinkerwim smtpd[86584]: f5be1a0080460e5e smtp connected address=46.23.92.40 host=mail.thinkerwim.org
> Jul  8 14:33:16 thinkerwim smtpd[86584]: f5be1a0080460e5e smtp disconnected reason="io-error: handshake failed: error:1403F416:SSL routines:ACCEPT_SR_FINISHED:sslv3 alert certificate unknown"
>
>
> The weird thing is, if I run the same configuration of mutt on my
> linux machine everything works.
>

You might want to rethink your definition of "works" in this case.

> Any idea?
>

You sure you've configured a certificate and TLS on your mailserver? I
don't see one. I see a TLS listener on port :443 of mail.thinkerwim.org but
that cert is for www.thinkerwim.org.

$ openssl s_client -showcerts -servername mail.thinkerwim.org -connect mail.thinkerwim.org:587
CONNECTED(00000003)
14696819295368:error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version:/usr/src/lib/libssl/tls13_lib.c:151:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 322 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Start Time: 1657288016
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
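
Added example, not part of the thread: the hex codes in the three error lines above can be unpacked to see which ones carry a TLS alert number and which one is a certificate verification failure. It assumes the packed error layout of OpenSSL 1.x and LibreSSL; `decode_ssl_error` and `summarize` are hypothetical helper names.

```python
import re

# Packed error code layout used by OpenSSL 1.x and LibreSSL (assumed here):
#   library (8 bits) | function (12 bits) | reason (12 bits)
ERR_LIB_SSL = 20                       # 0x14, the "SSL routines" library
SSL_AD_REASON_OFFSET = 1000            # reason = 1000 + TLS alert description
SSL_R_CERTIFICATE_VERIFY_FAILED = 134  # 0x086

# Subset of TLS alert descriptions (RFC 8446, section 6).
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca", 70: "protocol_version"}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode_ssl_error(line):
    """Hypothetical helper: unpack the first error:XXXXXXXX code in a log line."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    out = {"lib": lib, "func": func, "reason": reason,
           "kind": "other", "alert": None}
    if lib != ERR_LIB_SSL:
        return out
    if reason >= SSL_AD_REASON_OFFSET:
        num = reason - SSL_AD_REASON_OFFSET
        out.update(kind="tls_alert", alert=(num, ALERTS.get(num, "unknown")))
    elif reason == SSL_R_CERTIFICATE_VERIFY_FAILED:
        out["kind"] = "cert_verify_failed"
    return out

# The three error lines from the thread, with the mail line wrapping undone.
THREAD_LINES = [
    "[2022-07-08 14:33:16]<E> ssl_negotiate() SSL failed: error:14FFF086:"
    "SSL routines:(UNKNOWN)SSL_internal:certificate verify failed",
    'Jul  8 14:33:16 thinkerwim smtpd[86584]: f5be1a0080460e5e smtp '
    'disconnected reason="io-error: handshake failed: error:1403F416:'
    'SSL routines:ACCEPT_SR_FINISHED:sslv3 alert certificate unknown"',
    "14696819295368:error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:"
    "tlsv1 alert protocol version:/usr/src/lib/libssl/tls13_lib.c:151:",
]

def summarize(lines):
    """Return (kind, alert) for every line that contains an error code."""
    return [(d["kind"], d["alert"]) for d in map(decode_ssl_error, lines) if d]

if __name__ == "__main__":
    for kind, alert in summarize(THREAD_LINES):
        print(kind, alert)
```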
