<vlfspb$1g6rm$1@dont-email.me>


Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: AMM <anon.amish@gmail.com>
Newsgroups: comp.mail.sendmail
Subject: Re: OpenSSL 3.4.x supported?
Date: Mon, 6 Jan 2025 11:51:31 +0530
Organization: A noiseless patient Spider
Lines: 47
Message-ID: <vlfspb$1g6rm$1@dont-email.me>
References: <vknu9u$4th9$1@dont-email.me> <vko2nb$99d$1@news.misty.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 06 Jan 2025 07:21:33 +0100 (CET)
Injection-Info: dont-email.me; posting-host="9afea14e0545b0fb5a52087b4bf28d7d";
	logging-data="1579894"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+HlUp4AMBcTbUv2HzpyXoj4EQ5sMhMsCI="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:E9kliTnIBbd4WN9OyUQywHXmY7I=
Content-Language: en-US
In-Reply-To: <vko2nb$99d$1@news.misty.com>
Bytes: 2377



On 28/12/24 11:05 am, Claus Aßmann wrote:
> AMM  wrote:
> 
>> And there was some issue with OpenSSL 3.1.x and a bug report was also
>> filed with OpenSSL. I can not recall what the issue was. I just faintly
> 
> Do you mean
> "there is a double-free bug in 3.2.0 related to DANE"
> See the openssl-users mailing list or
> https://github.com/openssl/openssl/pull/22821
> 
> The bug was resolved.

Yes that's the one.

> 
>> Or can sendmail be used with OpenSSL 3.4.x series safely now?
> 
> No idea - why don't you give it a try and report back?

I took the risk and put it (8.18.1) on a production server.

All seems to work fine for 2 days now. (touch wood)

However I am concerned about this new line in sendmail.cf file.

EOPENSSL_CONF=/etc/mail/sendmail.ossl

In my case this file does not exist.

From 8.18.1 RELEASE NOTES:

Note: OpenSSL 3 loads by default an openssl.cnf file from a location 
specified in the library which may cause unwanted behaviour in sendmail. 
Hence sendmail sets the environment variable OPENSSL_CONF to 
/etc/mail/sendmail.ossl to override the default.

It is not clear what unwanted behaviour can occur if OpenSSL defaults 
are used. Didn't sendmail use OpenSSL defaults earlier too?

Ideally, what setting should be mentioned in /etc/mail/sendmail.ossl?

Thank you

AMM.
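
An added example, not part of the original post and not sendmail's own tooling: a shell check that reads the `EOPENSSL_CONF=` line quoted above from a sendmail.cf and reports whether the file it names is missing, writable by others, empty of directives, or populated. The function names and the sample cf are constructed for illustration, and using the last matching line when several exist is an assumption.

```shell
#!/bin/sh
# Added example: report which OpenSSL config file a sendmail.cf selects
# through its E line, and what state that file is in.

# Print the OPENSSL_CONF value set by "EOPENSSL_CONF=..." lines.
# Assumption: if the line appears more than once, the last one is used.
cf_openssl_conf() {
    sed -n 's/^EOPENSSL_CONF=//p' "$1" | tail -n 1
}

# Print one word describing the file that the cf hands to OpenSSL:
#   unset    - no EOPENSSL_CONF line in the cf
#   missing  - a path is set but nothing exists there (the poster's case)
#   writable - the file is group- or world-writable
#   empty    - the file holds only blank lines and comments, no directives
#   present  - the file contains at least one directive
ossl_conf_state() {
    conf=$(cf_openssl_conf "$1")
    [ -n "$conf" ] || { echo unset; return 0; }
    [ -e "$conf" ] || { echo missing; return 0; }
    if [ -n "$(find -L "$conf" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo writable; return 0
    fi
    if grep -Eqv '^[[:space:]]*(#.*)?$' "$conf"; then
        echo present
    else
        echo empty
    fi
}

# Demo on a constructed sendmail.cf fragment (sample data, not a real config).
demo() {
    dir=$(mktemp -d) || return 1
    printf '# constructed sample\nEOPENSSL_CONF=%s/sendmail.ossl\n' "$dir" > "$dir/sendmail.cf"
    echo "configured path: $(cf_openssl_conf "$dir/sendmail.cf")"
    echo "state: $(ossl_conf_state "$dir/sendmail.cf")"   # file not created yet
    # The library's compiled-in default directory, for comparison.
    if command -v openssl >/dev/null 2>&1; then openssl version -d; fi
    rm -rf "$dir"
}
demo
```

On a live system, call `ossl_conf_state /etc/mail/sendmail.cf` instead of `demo`.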