 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | Jan-2008 | Next-Thread | Next-Msg |
| Subject: | Re: Problem with Postfix and LDAP (SSL / TLS) |
| Group: | Postfix-users |
| From: | Victor Duchovni |
| Date: | 17 Jan 2008 |
> Artur Muecke:
> > The problem was, that postfix cant access the random files (/dev/[u]random)
> > from the chroot environment.
>
> GNU TLS terminates with exit status 2 when /dev/*random is unavailable.
> This is the widely known problem with GNU TLS that everyone has
> been telling you about. I hope the problem is clear now.
>
For the record, the problem is with the underlying libgcrypt, rather than
the TLS layer. The libgcrypt maintainers steadfastly refuse to accept
that applications may legitimately elect to fall back to unencrypted
communication if encryption is not available or handle the failure in
a more graceful way.
The excuse is that "some" applications will not handle the error
correctly, so exit() or abort() are their view the only options.
I strongly disagree, but there's not much I can do about it.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
| Prev-Msg | Prev-Thread | Postfix-users | Jan-2008 | Next-Thread | Next-Msg |