talklists at newgeo.com
Mon Jul 13 12:19:47 PDT 2009
>>>> What I do know, is ASSP needs p5-net-ssleay, there is a suspicion
>>>> that the openssl version I am working against is too old, or too
>>>> buggy, so I need to try to solve that.
>>> Hard to say without knowing how things aren't working; I know some
>>> doesn't like when you compile using one version of headers then
>>> link against
>>> a different version of libraries.
>> ASSP is a email proxy, it supports SSL and TLS mostly by using p5's
>> to make it all happen. The setup is Internet -> ASSP -> MTA
>> If I made a SSL or TLS enabled connection directly to the MTA on port
>> 25, SSL and/or TLS will work fine.
>> If I make a connection to the ASSP proxy, it works some of the time.
>> I send a email in the command line:
>> `mail user at remote-mta-machine`
>> This will always work
>> `mail user at assp-proxy` this simply hits port 25, which is set to
>> proxy to the far end MTA. It fails the SSL parts entirely. Some
>> hosts that I send the `mail` command from work, others do not. I
>> subscribed to a few mailing lists, some get through, some do not.
> Some addresses working and others not, that doesn't sound like an
> connection issue (which would implicate SSL/TLS) but something after
> By 'fails the SSL parts entirely' what exactly do you mean, does it
> fail to
> finish the initial TCP handshake, fail to verify the cert, something
I wish I knew. This is hard one for me to debug. Basically, an email
from the outside world comes in, hits the proxy on port 25, and all I
see in the ASSP logs is "starting SSL connection" and "SSL connection
failed, problem with MTA?". Not exact verbiage, but the basics are the
Some cases I can get this to happen with a machine I am in control of,
so I can look at the logs on that sending machine. I just get a
dropped connection, and the mail is queued up and will be tried again
later. Curiously, in 5 hours or so, they can sometimes make it through.
>> I can use openssl as a client, and connect to the remote far end MTA
>> just fine, connecting to ASSP, and I get the connection, but that is
>> as far as I get.
> If you can see the cert (eg, by using --showcerts with s_client)
> then that
> sounds like SSL/TLS is working fine.
I thought so too, and those work on the machines I have access to
where I can make tests. However, letting a local delivery agent try,
and it will not work.
>> I know what p5's ASSP installs, and can easily tell what dependencies
>> I need to track down to look at. However, those depend on perl,
>> which was installed, and curses was installed; a lot of other things
>> too. Can I be reasonably confident, if any of those use openssl libs
>> and headers, I need not run otool on them, and do any checking?
> The big problem is that for any new ports, checking linkage is a
> good thing,
> especially for bits that get loaded into larger programs (like perl
> modules). If you aren't careful you can end up with one part
> linking to the
> system library and another part to the MacPorts equivalent. This
> can then
> lead to version mismatches and software crashing.
I checked the better part of the libs with otool, and all seems to be
in order. I went as far as installing this whole batch via CPAN, and
got the same problems as well.
>> Can you show me how you tried them, I was not able to get them to
>> work, but all I did was `perl filename` which probably was not a
>> valid way to test. I really do not know perl, or SSL vocabulary well
>> enough to properly test these out.
> After it built (I have port's autoclean off so the build dir was still
> available), I simply move into the top dir for p5-io-socket-ssl (the
> with the example directory among others). From here, I ran
> $ /opt/local/bin/perl5.8 example/ssl_server.pl
> in one terminal and the ssl_client.pl in another, and watched those
> fine. Leaving the ssl_server process up, I then used
> $ openssl s_client -connect localhost:9000 -showcerts -debug
> to connect to the server and verify it was able to get the cert,
> which it
I downloaded the source in order to get the examples directory. I
then ran this
unable to create socket: IO::Socket::INET configuration failederror:
Am I doing something wrong, how were you able to get that to work?
Scott * If you contact me off list replace talklists@ with scott@ *
More information about the macports-dev