On Sat, Apr 23, 2005 at 09:04:54AM -0400, David Hollis wrote: > On Fri, 2005-04-22 at 20:07 +0200, Thomas Zehetbauer wrote: > > Today's rawhide update broke my postfix's smtp over ssl capability. > > postfix/smtpd[8117]: warning: TLS library problem: 8117:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/usr/share/ssl/certs/ca-bundle.crt','r'): > > postfix/smtpd[8117]: warning: TLS library problem: 8117:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107: > > postfix/smtpd[8117]: warning: TLS library problem: 8117:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279: > > postfix/smtpd[8117]: connect from localhost[127.0.0.1] > > postfix/smtpd[8117]: Could not allocate 'TLScontext->con' with SSL_new() > > postfix/smtpd[8117]: warning: TLS library problem: 8117:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:231: > > postfix/smtpd[8117]: lost connection after CONNECT from localhost[127.0.0.1] > > postfix/smtpd[8117]: disconnect from localhost[127.0.0.1] > > The latest OpenSSL packages moved all of the certs/keys to /etc/pki. In > your postfix config, change the path to the ca-bundle to > be /etc/pki/tls/certs and you should be all set. No application should contain hard-coded references to the ca-bundle.crt filename in the first place, they should obtain it at run-time via X509_get_default_cert_file() or if possible just use SSL_CTX_set_default_verify_paths() - can you file bugs on that? Regards, joe