Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Byte your tongue.


computers / comp.mail.sendmail / DANE + Sendmail 8.17.2 + OpenSSL 3.2.0 - works?

SubjectAuthor
* DANE + Sendmail 8.17.2 + OpenSSL 3.2.0 - works?AMM
`- Re: DANE + Sendmail 8.17.2 + OpenSSL 3.2.0 - works?Claus Aßmann

1
DANE + Sendmail 8.17.2 + OpenSSL 3.2.0 - works?

<un827n$od1$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=908&group=comp.mail.sendmail#908

 copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: anon.am...@gmail.com (AMM)
Newsgroups: comp.mail.sendmail
Subject: DANE + Sendmail 8.17.2 + OpenSSL 3.2.0 - works?
Date: Fri, 5 Jan 2024 10:27:24 +0530
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <un827n$od1$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 5 Jan 2024 04:57:27 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="29ba13455ce31076edf0f4c4d9dcbdf5";
logging-data="24993"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/iMP+k9zO7ixfu1wrOksZBhGIB4eF+9vA="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:6Gy4VoJ/I3JpGh/8Qe7mhfOkACs=
Content-Language: en-US
 by: AMM - Fri, 5 Jan 2024 04:57 UTC

Hello

From other thread I realized that there is bug in OpenSSL 3.2.0 with
respect to DANE.

But the thread also talks about sendmail 8.18 (which is still in beta)

So I just wanted to seek clarification if same bug exists for sendmail
8.17.2 with OpenSSL 3.2.0? Or it is safe to use with OpenSSL 3.2.0?

Currently I use sendmail 8.17.2 which was compiled when system had
OpenSSL 3.0 and later OpenSSL was upgraded to 3.2.0 but sendmail was not
recompiled and seems to be working fine. (Note: I do not use DANE for my
domain)

Please clarify,

Thank you

AMM.

Re: DANE + Sendmail 8.17.2 + OpenSSL 3.2.0 - works?

<un88mv$u2b$1@news.misty.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=909&group=comp.mail.sendmail#909

 copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!newsfeed.endofthelinebbs.com!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: DANE + Sendmail 8.17.2 + OpenSSL 3.2.0 - works?
Date: Fri, 5 Jan 2024 01:47:59 -0500 (EST)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <un88mv$u2b$1@news.misty.com>
References: <un827n$od1$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 5 Jan 2024 06:47:59 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="30795"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Fri, 5 Jan 2024 06:47 UTC

AMM wrote:

> So I just wanted to seek clarification if same bug exists for sendmail
> 8.17.2 with OpenSSL 3.2.0? Or it is safe to use with OpenSSL 3.2.0?

Only 8.18 uses the DANE code in OpenSSL:
8.18.1/8.18.1 202X/XX/XX
Full DANE support is available if OpenSSL versions 1.1.1 or 3.x
are used, i.e., TLSA RR 2-x-y and 3-x-y are supported
as required by RFC 7672.

Whether 3.2.0 is "safe" is something you have to figure out yourself
or ask some "trusted" persons....
BTW: The buggy code has been reviewed by 3 people.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor