Sujet : Re: OpenSSL 3.4.x supported?
De : anon.amish (at) *nospam* gmail.com (AMM)
Groupes : comp.mail.sendmailDate : 06. Jan 2025, 07:21:31
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vlfspb$1g6rm$1@dont-email.me>
References : 1 2
User-Agent : Mozilla Thunderbird
On 28/12/24 11:05 am, Claus Aßmann wrote:
AMM wrote:
And there was some issue with OpenSSL 3.1.x and a bug reported was also
filed with OpenSSL. I can not recall what the issue was. I just faintly
Do you mean
"there is a double-free bug in 3.2.0 related to DANE"
See the openssl-users mailing list or
https://github.com/openssl/openssl/pull/22821
The bug was resolved.
Yes that's the one.
Or can sendmail be used with OpenSSL 3.4.x series safely now?
No idea - why don't you give it a try and report back?
I took the risk and put it (8.18.1) on production server.
All seems to work fine from 2 days. (touchwood)
However I am concerned about this new line in sendmail.cf file.
EOPENSSL_CONF=/etc/mail/sendmail.ossl
In my case this file does not exist.
From 8.18.1 RELEASE NOTES:
Note: OpenSSL 3 loads by default an openssl.cnf file from a location specified in the library which may cause unwanted behaviour in sendmail. Hence sendmail sets the environment variable OPENSSL_CONF to /etc/mail/sendmail.ossl to override the default.
It is not clear what unwanted behaviour can occur if OpenSSL defaults are used? Didn't sendmail use OpenSSL defaults, earlier too?
Ideally, what setting should be mentioned in /etc/mail/sendmail.ossl?
Thank you
AMM.
OpenSSL 3.4.x supported?
Re: OpenSSL 3.4.x supported?