Re: TLS (smtpserver): TLS engine: cannot load DH parameters from our cert file
On Sun, Feb 23, 2003 at 01:38:33PM +0100, Artur Meski wrote:
> After smtpserver startup I get the following log messages:
>
> WMTLTSx0000# TLS engine: cannot load DH parameters from our cert file
> WMTLTSx0000# 79029:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:663:Expecting: DH PARAMETERS:
>
> What's wrong?

The explanation I found is in the source code:

    /*
     * We might also need dh parameters, which can either be
     * loaded from file (preferred) or we simply take the compiled
     * in values.
     *
     * First, set the callback that will select the values when
     * requested, then load the (possibly) available DH parameters
     * from files.
     *
     * We are generous with the error handling, since we do have
     * default values compiled in, so we will not abort but just
     * log the error message.
     */

I will alter the message text to be less alarmist.

OpenSSL documentation says:

    The DHparams functions process DH parameters using a DH structure.
    The parameters are encoded using a PKCS#3 DHparameter structure.

Which, again, does not say much, but relates somehow to newer keys,
and the ways in which Diffie-Hellman key-exchange CAN be done.

> Here's part of my smtpserver.conf relative to tls.
>
> PARAM use-tls
> PARAM tls-CAfile $MAILVAR/db/smtpserver-CAcert.pem
> PARAM tls-cert-file $MAILVAR/db/smtpserver-cert.pem
> PARAM tls-key-file $MAILVAR/db/smtpserver-key.pem
>
> --
> // Artur Meski // email: artur@cifrid.net // www: artur.black.pl //
--
/Matti Aarnio <mea@nic.funet.fi>
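
Added example, not part of the original message and not ZMailer code: the OpenSSL error in the quoted log is what the PEM reader reports when it reaches the end of the cert file without finding a "-----BEGIN DH PARAMETERS-----" line. The Python sketch below lists the PEM blocks in a file's text and reports whether a DH parameters block is among them; the function names and the sample PEM text are constructed for illustration.

```python
import base64
import re

# PEM encapsulation boundaries: -----BEGIN <label>----- / -----END <label>-----
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 #]+)-----\s*$")
_END = re.compile(r"^-----END ([A-Z0-9 #]+)-----\s*$")


def pem_blocks(text):
    """Return [(label, decoded_bytes)] for each well-formed PEM block in text."""
    blocks, label, body = [], None, []
    for line in text.splitlines():
        begin, end = _BEGIN.match(line), _END.match(line)
        if begin:
            label, body = begin.group(1), []
        elif end and label is not None:
            if end.group(1) == label:
                try:
                    data = base64.b64decode("".join(body), validate=True)
                    blocks.append((label, data))
                except ValueError:
                    pass  # damaged base64 body: not a usable block
            label = None
        elif label is not None and line.strip() and ":" not in line:
            body.append(line.strip())  # skips blank lines and "Name: value" headers
    return blocks


def dh_status(text):
    """Report whether a cert file carries its own DH parameters block."""
    labels = [label for label, _ in pem_blocks(text)]
    if "DH PARAMETERS" in labels:
        return "dh-params-present"
    if "CERTIFICATE" in labels:
        return "cert-only"  # the situation in the quoted log
    return "no-usable-pem"


def _sample(label):
    # Constructed placeholder body; it is valid base64 but not real DER.
    body = base64.b64encode(b"constructed placeholder, not real DER").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


CERT_ONLY = _sample("CERTIFICATE")                 # constructed sample
CERT_WITH_DH = CERT_ONLY + _sample("DH PARAMETERS")  # constructed sample

if __name__ == "__main__":
    for name, pem in (("cert only", CERT_ONLY), ("cert + DH", CERT_WITH_DH)):
        print(name, "->", dh_status(pem))
```

A "cert-only" result matches the case in this thread: the certificate loads, the DH lookup in the same file finds nothing, and the server falls back to its compiled-in values as the source comment describes.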