[nycbug-talk] Qmail TLS Issues

Mark Saad mark.saad at ymail.com
Fri Aug 21 17:34:32 EDT 2009


All
  I am working with two qmail mail servers that are having the same TLS issue; one is qmail-ldap-1.03 and the other netqmail-1.06, and both are using http://inoa.net/qmail-tls/ for TLS support. The issue is that when I try to verify that the smtpd service on each box can do a "STARTTLS", it fails with a weird message.

Here is what I did:
%openssl s_client -starttls smtp -connect mail1.af.mil:25 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
712:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
712:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1303:
712:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:208:Type=ASN1_PRINTABLE
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=value, Type=X509_NAME_ENTRY
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:709:
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:709:
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=issuer, Type=X509_CINF
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509
712:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:955:

Both servers do the same thing.
Both are FreeBSD 7.2-RELEASE-p3 64bit.
qmail was built from ports along with openssl from ports.

Ideas?

--
Mark Saad
mark.saad at ymail.com
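
An added example, not part of the original post: a small Python parser for the OpenSSL error-queue lines that s_client printed above, reporting the first queued error and the Field/Type path of the structure that was being decoded when it occurred. The function names are hypothetical; the sample lines are copied from the post.

```python
import re

# Sample input: error-queue lines copied from the post above.
SAMPLE = """\
712:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
712:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1303:
712:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:208:Type=ASN1_PRINTABLE
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=value, Type=X509_NAME_ENTRY
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:709:
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:709:
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=issuer, Type=X509_CINF
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509
712:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:955:
"""

# Layout: pid:error:code:library:function:reason:file:line:optional data
LINE = re.compile(
    r"^(\d+):error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):(.*)$")

def parse_queue(text):
    """Return one dict per error-queue line, in printed order (oldest first)."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip s_client state lines, blanks, anything else
        _pid, code, lib, func, reason, src, lineno, data = m.groups()
        tags = dict(re.findall(r"(Field|Type)=(\w+)", data))
        entries.append({"code": code, "lib": lib, "func": func,
                        "reason": reason, "where": f"{src}:{lineno}",
                        "field": tags.get("Field"), "type": tags.get("Type")})
    return entries

def summarize(entries):
    """First queued error is the root cause; later lines are its callers."""
    if not entries:
        return None
    path = []
    for e in reversed(entries):  # last queued line = outermost structure
        if e["field"]:
            path.append(f'{e["type"]}.{e["field"]}')
        elif e["type"]:
            path.append(e["type"])
    return {"root_reason": entries[0]["reason"], "root_func": entries[0]["func"],
            "surfaced_in": entries[-1]["func"], "path": path}

if __name__ == "__main__":
    print(summarize(parse_queue(SAMPLE)))
```

On the output above this reports `too long` from ASN1_get_object, reached while decoding X509.cert_info, X509_CINF.issuer, X509_NAME_ENTRY.value as ASN1_PRINTABLE, and surfaced by SSL3_GET_SERVER_CERTIFICATE.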