Switch to DuckDuckGo Search
   March 15, 2019  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >

Toggle Join/Part | bottom
[00:55:56] *** andy_js <andy_js!~andy@94.6.62.238> has quit IRC (Quit: andy_js)
[02:43:19] *** sarvet <sarvet!~sarvet@dslb-088-078-194-227.088.078.pools.vodafone-ip.de> has joined #oi-dev
[03:56:21] *** ngchk1 <ngchk1!~ngchk1@b2b-92-50-91-166.unitymedia.biz> has quit IRC (Quit: Leaving)
[05:27:22] *** sarvet <sarvet!~sarvet@dslb-088-078-194-227.088.078.pools.vodafone-ip.de> has quit IRC (Quit: sarvet)
[06:51:33] *** mno-hime <mno-hime!~mno-hime@94.142.238.232> has quit IRC (Remote host closed the connection)
[06:51:58] *** mno-hime <mno-hime!~mno-hime@94.142.238.232> has joined #oi-dev
[08:29:53] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has quit IRC (Quit: tsoome)
[08:31:49] *** pjama <pjama!~pjama@c110-23-110-13.kelvn4.qld.optusnet.com.au> has quit IRC (Ping timeout: 252 seconds)
[08:40:28] *** leoric <leoric!~alp@pyhalov.cc.rsu.ru> has quit IRC (Remote host closed the connection)
[08:43:26] *** leoric <leoric!~alp@pyhalov.cc.rsu.ru> has joined #oi-dev
[08:59:49] <leoric> mno-hime: please, allow maintainer edit of VirtualBox PR
[08:59:56] <leoric> want to push one patch
[09:29:30] *** pjama <pjama!~pjama@c110-23-110-13.kelvn4.qld.optusnet.com.au> has joined #oi-dev
[09:46:31] *** andy_js <andy_js!~andy@94.6.62.238> has joined #oi-dev
[09:53:29] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has joined #oi-dev
[10:11:51] *** jimklimov <jimklimov!~jimklimov@31.7.243.238> has joined #oi-dev
[10:13:42] *** jimklimov1 <jimklimov1!~jimklimov@31.7.243.238> has joined #oi-dev
[10:14:36] *** jimklimov <jimklimov!~jimklimov@31.7.243.238> has quit IRC (Read error: Connection reset by peer)
[10:14:38] *** jimklimov1 <jimklimov1!~jimklimov@31.7.243.238> has quit IRC (Read error: Connection reset by peer)
[10:14:50] *** jimklimov <jimklimov!~jimklimov@31.7.243.238> has joined #oi-dev
[10:43:33] *** jimklimov <jimklimov!~jimklimov@31.7.243.238> has quit IRC (Read error: Connection reset by peer)
[10:43:56] *** jimklimov <jimklimov!~jimklimov@31.7.243.238> has joined #oi-dev
[11:11:50] <mnowak_> leoric, strange, I see it enabled
[11:12:12] <leoric> well, then do it yourself :)
[11:12:50] <leoric> I've added it in comment
[11:13:35] <leoric> + s/amd64/$(MACH64)/g
[12:23:58] <mnowak_> leoric, it's there :)
[12:40:03] *** jimklimov <jimklimov!~jimklimov@31.7.243.238> has quit IRC (Ping timeout: 252 seconds)
[13:17:14] *** jimklimov <jimklimov!~jimklimov@31.7.243.238> has joined #oi-dev
[13:38:05] <jimklimov> hi, our mail relay says it has "verify=FAIL" communicating to e.g. gmail servers
[13:39:21] <jimklimov> the OS is now a recent hipster, and its CA cert package seems relatively fresh : pkg://openindiana.org/crypto/ca-certificates at 1 dot 0-2018.0.0.3:20181220T054610Z
[13:39:38] <jimklimov> from ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_41_RTM/src/nss-3.41.tar.gz
[13:39:46] *** wiedi <wiedi!~wiedi@ip5b4096a6.dynamic.kabel-deutschland.de> has quit IRC (Quit: ^C)
[13:40:40] <jimklimov> any ideas what else can fail here? :)
[13:41:33] <andyf> grep 'O CA' /etc/mail/sendmail.cf
[13:45:06] <andyf> well, make sure your MTA is pointing at the right CA bundle file..
[13:45:06] <jimklimov> hm :)
[13:45:08] <jimklimov> #O CACertPath
[13:45:08] <jimklimov> #O CACertFile
[13:45:21] <jimklimov> good catch
[13:45:31] <jimklimov> so it is not pre-integrated somehow magically? :)
[13:45:55] <jimklimov> (well, it might be in packaging, but my .mc => .cf configs originate from a decade or two ago)
[13:46:00] <andyf> I don't know if there is a default in this sendmail build
[13:46:16] <jimklimov> thanks
[13:47:52] <jimklimov> so getting "CACertFile == /etc/certs/ca-certificates.crt" or "CACertPath == /etc/certs/CA/" should do the trick?
[13:48:02] <andyf> I'm just checking my build..
[13:48:58] *** andy_js <andy_js!~andy@94.6.62.238> has quit IRC (Read error: No route to host)
[13:49:57] *** andy_js <andy_js!~andy@94.6.62.238> has joined #oi-dev
[13:50:00] <andyf> I have this (for OmniOS)
[13:50:00] <andyf> O CACertPath=/etc/mail/cert
[13:50:00] <andyf> O CACertFile=/etc/mail/cert/cacert.pem
[13:50:13] <andyf> ah, sorry, local certificate store
[13:50:41] <jimklimov> so that's for your relay's cert?
[13:50:53] <andyf> Do you have /etc/ssl/cacert.pem?
[13:51:37] <andyf> define(`confCACERT', `/etc/ssl/cacert.pem')dnl
[13:51:38] <andyf> or similar
[13:52:05] <jimklimov> no, just the /etc/certs/* variants (file and dir) above
[13:54:04] <andyf> that's probably just an OI/OOCE difference.. I'd experiment :)
[14:29:31] *** tsoome_ <tsoome_!~tsoome@148-52-235-80.sta.estpak.ee> has joined #oi-dev
[14:30:00] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has quit IRC (Ping timeout: 244 seconds)
[14:30:00] *** tsoome_ is now known as tsoome
[14:37:18] <leoric> You should have /etc/certs/ca-certificates.crt
[14:37:25] <leoric> jimklimov: ^
[14:37:47] <leoric> it's generated by svc:/system/ca-certificates:default service
[14:42:37] <jimklimov> yes, that one is there...
[14:43:50] <jimklimov> so I added the CAcert lines to both sendmail.cf and submit.cf (for good measure) referencing this library of certs, but still it fails to verify even our local CA that signed our internal mail server
[14:44:12] <jimklimov> does not fully seem to interfere with actual delivery, its success or fail seems orthogonal in the end
[14:50:32] <andyf> Have you tried setting CACertPath too?
[14:50:43] <andyf> To the directory with the hash-based certificate links in it
[14:51:18] <andyf> (verify failure will not affect delivery unless you set up rules in the accessdb)
[15:26:47] <jimklimov> ok, seems to go better with Path, at least said verify=OK for our internal server ;)
[15:26:52] <jimklimov> thanks
[15:35:28] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has quit IRC (Ping timeout: 245 seconds)
[15:42:30] *** ngchk1 <ngchk1!~ngchk1@b2b-92-50-91-166.unitymedia.biz> has joined #oi-dev
[17:05:25] *** andy_js <andy_js!~andy@94.6.62.238> has quit IRC (Read error: Connection reset by peer)
[17:05:55] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has joined #oi-dev
[17:07:10] *** andy_js <andy_js!~andy@94.6.62.238> has joined #oi-dev
[18:53:07] *** jimklimov <jimklimov!~jimklimov@31.7.243.238> has quit IRC (Ping timeout: 240 seconds)
[19:08:44] <tomww> /win 21
[22:29:58] *** alanc <alanc!~alanc@129.157.69.40> has quit IRC (Remote host closed the connection)
[22:30:25] *** alanc <alanc!~alanc@129.157.69.40> has joined #oi-dev
[22:30:25] *** ChanServ sets mode: +o alanc
top

   March 15, 2019  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >