openssl-0.9.7f-4 breaks postfix-2.2.2-2

[Joe Orton]

On Sat, Apr 23, 2005 at 09:04:54AM -0400, David Hollis wrote:
> On Fri, 2005-04-22 at 20:07 +0200, Thomas Zehetbauer wrote:
> > Today's rawhide update broke my postfix's smtp over ssl capability.
> > postfix/smtpd[8117]: warning: TLS library problem: 8117:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/usr/share/ssl/certs/ca-bundle.crt','r'):
> > postfix/smtpd[8117]: warning: TLS library problem: 8117:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
> > postfix/smtpd[8117]: warning: TLS library problem: 8117:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279:
> > postfix/smtpd[8117]: connect from localhost[127.0.0.1]
> > postfix/smtpd[8117]: Could not allocate 'TLScontext->con' with SSL_new()
> > postfix/smtpd[8117]: warning: TLS library problem: 8117:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:231:
> > postfix/smtpd[8117]: lost connection after CONNECT from localhost[127.0.0.1]
> > postfix/smtpd[8117]: disconnect from localhost[127.0.0.1]
> 
> The latest OpenSSL packages moved all of the certs/keys to /etc/pki.  In
> your postfix config, change the path to the ca-bundle to
> be /etc/pki/tls/certs and you should be all set.

No application should contain hard-coded references to the ca-bundle.crt
filename in the first place, they should obtain it at run-time via
X509_get_default_cert_file() or if possible just use
SSL_CTX_set_default_verify_paths() - can you file bugs on that?

Regards,

joe