On Sat, Feb 01, 2020 at 02:42:06PM -0500, Holden Rohrer via Exim-users wrote:
> It turns out that Debian's openssl is kind of broken, and this is a known issue
> (https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/396818).
This isn't it. It is rather outdated, against a command-line utility in
no longer used versions of OpenSSL.
> I've tried rebuilding it (and Exim), but `openssl s_client -starttls
> smtp -connect smtp.gmail.com:587` still doesn't work without
> `-CApath=/etc/ssl/certs` (which were installed by Debian's
> ca-certificates).
Is your build configured to look in /etc/ssl for certificates? Likely not.

    $ openssl version -d
    OPENSSLDIR: "/etc/ssl"

> For building openssl, I've tried to set a few different permutations
> of `./config --prefix=/usr --openssldir=/etc/ssl`, but I haven't
> managed to get this working. Is this not actually a problem, and
> I've misconfigured Exim's recognition of mailserver SSL, or is it not
> recognizing the right openssl, or something?
Also make sure that Exim is linked against the same OpenSSL library
as your "openssl" command-line executable.
> I've tried both ways of including OPENSSL in Local/Makefile (with and without
> pkg-config), but neither worked. I figure this is the root of the issue, so how
> should I configure the build of Exim/openssl/some other package to handle this?
Use the OpenSSL library that comes with the OS, and place the "cert.pem"
file and "certs/" sub-directory at the location reported by the system's
"openssl version -d". On my FreeBSD system for example:

    $ strings /usr/local/lib/libcrypto.so | grep /cert
    /usr/local/openssl/certs
    /usr/local/openssl/cert.pem

--
Viktor.
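
The checks suggested in the reply above, collected into one script. This is an added example, not part of the original message: the function names are hypothetical, the Exim binary path is passed as an argument, and the use of `ldd` assumes a Linux or FreeBSD style dynamic linker.

```shell
#!/bin/sh
# Added example: verify the trust store at OPENSSLDIR and that Exim and the
# openssl CLI resolve to the same OpenSSL libraries. Names are illustrative.

# Extract the directory from `openssl version -d` output,
# e.g. OPENSSLDIR: "/etc/ssl" -> /etc/ssl
openssldir_from() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: *"\(.*\)"$/\1/p'
}

# Print which default trust locations under DIR are usable:
# "cert.pem", "certs", "cert.pem certs", or "none".
trust_store_status() {
    dir=$1; have=
    if [ -s "$dir/cert.pem" ]; then have="cert.pem"; fi
    # Directory lookups use subject-hash file names such as 4a6481c9.0;
    # a certs/ directory without them is not searched successfully.
    for f in "$dir"/certs/[0-9a-f]*.[0-9]; do
        if [ -e "$f" ]; then have="${have:+$have }certs"; break; fi
    done
    echo "${have:-none}"
}

# From `ldd` output on stdin, print the resolved libssl/libcrypto paths.
tls_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" { print $3 }' | sort
}

# Compare two ldd outputs; "same" only if both resolve to identical,
# non-empty sets of OpenSSL libraries (empty means not linked to OpenSSL).
same_openssl() {
    a=$(printf '%s\n' "$1" | tls_libs)
    b=$(printf '%s\n' "$2" | tls_libs)
    if [ -n "$a" ] && [ "$a" = "$b" ]; then echo same; else echo different; fi
}

main() {
    exim_bin=$1   # path to the Exim binary, supplied by the caller
    dir=$(openssldir_from "$(openssl version -d)")
    echo "OPENSSLDIR:  $dir"
    echo "trust store: $(trust_store_status "$dir")"
    echo "libraries:   $(same_openssl "$(ldd "$exim_bin")" \
                                      "$(ldd "$(command -v openssl)")")"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

A result of "none" or "different" corresponds to the two misconfigurations discussed in the thread: an empty default trust location, or Exim built against a different OpenSSL than the command-line tool.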