Hi,
I had misunderstood your mail and the issue when I first read this
so here's a new answer ;-)
On Tue, May 17, 2016 at 08:47:09AM +0100, John Cox wrote:
> Hi
>
> Since I upgraded to OpenBSD 5.9 (I think) I've been getting TLS
> validation errors in the headers:
>
> TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384
> bits=256 verify=NO
>
> Prior to the upgrade I would get verify=YES. (I think it was the
> upgrade to OpenBSD 5.9 and whichever OpenSMTPD that comes with it that
> did it - it was certainly about that time)
>
> I have now upgraded OpenSMTPD to the current 5.9.2 release and that
> makes no difference.
>
Following suggestions from one of our libressl hackers we now only request
a client certificate when 'tls-require verify' is specified.
You can see the commit and rationale here:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/ssl_smtpd.c?rev=1.10&content-type=text/x-cvsweb-markup
verify=NO is the default; the only case where you'll get another value
is if you requested verify and it succeeded.
--
Gilles Chehade
https://www.poolp.org @poolpOrg