All my mail servers use a pgsql lookup via TLS.
After upgrading to 4.82 RC2, I'm getting:
---
…DEFER: PGSQL connection failed: SSL error: tlsv1 alert unknown ca
---
In the pgsql log:
---
"could not accept SSL connection: no certificate returned",,,,,,,,,""
---
TLS client access is configured as usual:
exim user is mailnull:
---
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
---
The .postgresql subdirectory of its home contains:
---
ls -l /var/spool/mqueue/.postgresql/
total 8
-r--r--r-- 1 root daemon 2565 Aug 4 14:14 ca_cert.pem
lrwxr-xr-x 1 root daemon 31 Sep 8 17:51 postgresql.crt -> maileserver.at.some.domain_server_cert.pem
lrwxr-xr-x 1 root daemon 30 Sep 8 17:51 postgresql.key -> maileserver.at.some.domain_server_key.pem
lrwxr-xr-x 1 root daemon 11 Sep 8 17:51 root.crt -> ca_cert.pem
-rw-r--r-- 1 root daemon 1838 Sep 7 09:55 maileserver.at.some.domain_server_cert.pem
-r-------- 1 mailnull daemon 1679 Sep 7 09:55 maileserver.at.some.domain_server_key.pem
---
Something has changed here or is broken in RC2.
Axel
PS: I have not changed my Local/Makefile:
---
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
SUPPORT_TLS=yes
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
# USE_OPENSSL_PC=openssl
TLS_LIBS=-lssl -lcrypto
# Uncomment the first and either the second or the third of these if you
# are using GnuTLS. If you have pkg-config, then the second, else the third.
# USE_GNUTLS=yes
# USE_GNUTLS_PC=gnutls
# TLS_LIBS=-lgnutls -ltasn1 -lgcrypt
---
openssl version is 0.9.8y
---
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius