[Bug 253060] sendmail submit is unable to verify certificate

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 08 Jul 2021 12:09:23 UTC

Michael Osipov <michael.osipov@siemens.com> changed:

           What    |Removed                     |Added
                 CC|                            |bapt@FreeBSD.org,
                   |                            |kevans@freebsd.org,
                   |                            |michael.osipov@siemens.com

--- Comment #2 from Michael Osipov <michael.osipov@siemens.com> ---
I have just hit the same issue in a jail.

Sendmail is configured with a smart host (mail relay) company-internal, the
mail server offers STARTTLS, sendmail follows and fails:
> Jul  8 14:02:46 deblndw013x3j sm-mta[88641]: STARTTLS=client, relay=mail2.siemens.de., version=TLSv1.2, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256

I have added company root and intermediate CA certificates to LOCALBASE and
rehashed. As Leo desribed, both default values for CACERT and especially
CACERT_PATH are unusable, the default config is unsuable.

You are receiving this mail because:
You are the assignee for the bug.