Postfix, CAfile and Macports
Johannes Kastl
mail at ojkastl.de
Thu Jan 26 07:11:01 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 25.01.17 22:28 Daniel J. Luke wrote:
> What does `openssl s_client -connect 78.46.5.205:25 -starttls
> smtp` > say?
"verify return: 1" sounds like problems, but "Verify return code: 0
(ok)" at the end sounds ok.
>> openssl s_client -connect 78.46.5.205:25 -starttls smtp
> CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN =
> GeoTrust Global CA verify return:1 depth=1 C = US, O = GeoTrust
> Inc., CN = RapidSSL SHA256 CA - G3 verify return:1 depth=0 OU =
> GT60799501, OU = See www.rapidssl.com/resources/cps (c)14, OU =
> Domain Control Validated - RapidSSL(R), CN = *.your-server.de
> verify return:1 --- Certificate chain 0 s:/OU=GT60799501/OU=See
> www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated
> - RapidSSL(R)/CN=*.your-server.de i:/C=US/O=GeoTrust
> Inc./CN=RapidSSL SHA256 CA - G3 1 s:/C=US/O=GeoTrust
> Inc./CN=RapidSSL SHA256 CA - G3 i:/C=US/O=GeoTrust
> Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust
> Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate
> Authority --- Server certificate -----BEGIN CERTIFICATE-----
> [snipped] -----END CERTIFICATE----- subject=/OU=GT60799501/OU=See
> www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated
> - RapidSSL(R)/CN=*.your-server.de issuer=/C=US/O=GeoTrust
> Inc./CN=RapidSSL SHA256 CA - G3 --- No client certificate CA
> names sent Peer signing digest: SHA512 Server Temp Key: DH, 2048
> bits --- SSL handshake has read 4814 bytes and written 661 bytes
> --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384 Server
> public key is 2048 bit Secure Renegotiation IS supported
> Compression: NONE Expansion: NONE No ALPN negotiated
> SSL-Session: Protocol : TLSv1.2 Cipher :
> DHE-RSA-AES256-GCM-SHA384 Session-ID:
> 33A4A8F6FC9B4EFAC46E1D7351535704B2890DC738C5DB02550AC5CE5F9CB871
> Session-ID-ctx: Master-Key:
> 338B12D3D7664BA2F34E55B6B778CB2C52BC47E54CE220F7940075444BED347F1627
2695D8965B4130EBE18010260C55
>
>
Key-Arg : None
> PSK identity: None PSK identity hint: None SRP username: None TLS
> session ticket lifetime hint: 200 (seconds) TLS session ticket:
> 0000 - 63 af 28 f0 5c 0c 7c ff-de 10 0e 6c 0b c6 bb 8b
> c.(.\.|....l.... 0010 - fd 5b 88 59 b0 b9 a2 3e-37 1c dc bc b5 70
> bd 20 .[.Y...>7....p. 0020 - e1 be 99 56 36 37 95 6b-12 89 f0
> 12 67 bb b7 d1 ...V67.k....g... 0030 - 9a 3b a3 aa 64 33 84
> 74-80 d9 eb 27 46 11 59 ef .;..d3.t...'F.Y. 0040 - 77 b0 99 2d
> 34 11 20 02-9e 96 48 71 be 2f cb e1 w..-4. ...Hq./.. 0050 - af
> 16 85 2d aa 98 75 a7-10 5a 9c 8e a0 26 76 a5 ...-..u..Z...&v.
> 0060 - 50 de 1d 1a 62 70 16 c9-4b d7 31 33 3d 78 b5 a7
> P...bp..K.13=x.. 0070 - df 87 3b 37 24 3a c6 f4-30 b2 5d d7 84 73
> 89 0c ..;7$:..0.]..s.. 0080 - 0d 31 d1 99 56 a6 a7 7f-79 24 4b
> ea 98 7a 37 41 .1..V...y$K..z7A 0090 - 7d 6c d9 0d d0 31 28
> c7-7e 13 af 7b 42 ea 08 33 }l...1(.~..{B..3
>
> Start Time: 1485414417 Timeout : 300 (sec) Verify return code:
> 0 (ok) --- 250 HELP
Johannes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/
iEYEARECAAYFAliJoQQACgkQzi3gQ/xETbLSagCcCKjiFNnkfbtsuybEQ3QRBuTc
jxMAni691pMqnRXbp7sp6+HzpeEgy+VI
=5rPY
-----END PGP SIGNATURE-----
More information about the macports-dev
mailing list