Bug 239473 - mail/postfix: default smtp_tls_CAfile to /etc/ssl/cert.pem
Summary: mail/postfix: default smtp_tls_CAfile to /etc/ssl/cert.pem
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Juraj Lutter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-27 08:57 UTC by Christian Schwarz
Modified: 2023-01-27 17:00 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (otis)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Schwarz 2019-07-27 08:57:18 UTC
The current port build defaults to the empty string, which results in no TLS certs being trusted at all when delivering mail.

Debian has the same problem, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923083
Comment 1 Li-Wen Hsu freebsd_committer freebsd_triage 2021-06-01 05:02:34 UTC
Over to new maintainer
Comment 2 Michael Osipov 2022-02-09 12:27:18 UTC
Actually not anymore, it should point to /etc/ssl/certs which is now the default OpenSSL trust store.
Comment 3 Juraj Lutter freebsd_committer freebsd_triage 2022-03-12 22:08:12 UTC
And even not smtp_tls_CAfile but smtp_tls_CApath
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-03-13 12:37:47 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ee87152d51a0a63406f189987975dc14a3ed5825

commit ee87152d51a0a63406f189987975dc14a3ed5825
Author:     Juraj Lutter <otis@FreeBSD.org>
AuthorDate: 2022-03-12 11:55:38 +0000
Commit:     Juraj Lutter <otis@FreeBSD.org>
CommitDate: 2022-03-13 12:34:29 +0000

    mail/postfix-current: Update to 3.8.20220220

    - Update to 3.8.20220220
    - Correct installation instructions [1]
    - Listen on both IPv4 and IPv6 [2]
    - Use system-wide CA path [3]
    - Correct typo in pkg-message [4]
    - Switch to PCRE2 [5]

    PR:     261821 [1]
    PR:     252872 [2]
    PR:     239473 [3]
    PR:     261824 [4]
    PR:     262100 [5]

 mail/postfix-current/Makefile                      | 15 ++++++------
 mail/postfix-current/distinfo                      |  6 ++---
 .../postfix-current/files/patch-conf_main.cf (new) | 11 +++++++++
 mail/postfix-current/files/patch-makedefs (gone)   | 27 ----------------------
 .../files/patch-src_util_sys__defs.h (gone)        | 12 ----------
 mail/postfix-current/files/pkg-install.in          |  6 ++---
 mail/postfix-current/files/pkg-message.in          |  1 +
 mail/postfix-current/pkg-plist                     |  6 ++---
 8 files changed, 29 insertions(+), 55 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-03-15 21:11:12 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=548805651e61cca4d6b5dc4be0787e1e5e188ff0

commit 548805651e61cca4d6b5dc4be0787e1e5e188ff0
Author:     Juraj Lutter <otis@FreeBSD.org>
AuthorDate: 2022-03-14 21:21:57 +0000
Commit:     Juraj Lutter <otis@FreeBSD.org>
CommitDate: 2022-03-15 20:55:46 +0000

    mail/postfix: Update to 3.7.0

    - Update to 3.7.0
    - Correct installation instructions [1]
    - Listen on both IPv4 and IPv6 [2]
    - Use system-wide CA path [3]
    - Correct typo in pkg-message [4]
    - Switch to PCRE2 [5]

    PR:     261821 [1]
    PR:     252872 [2]
    PR:     239473 [3]
    PR:     261824 [4]
    PR:     262100 [5]

 mail/postfix/Makefile                              | 13 ++++++-----
 mail/postfix/distinfo                              |  6 ++---
 mail/postfix/files/patch-conf_main.cf (new)        | 11 +++++++++
 mail/postfix/files/patch-makedefs (gone)           | 27 ----------------------
 .../files/patch-src_util_sys__defs.h (gone)        | 12 ----------
 mail/postfix/files/pkg-install.in                  |  6 ++---
 mail/postfix/files/pkg-message.in                  |  1 +
 mail/postfix/pkg-plist                             |  6 ++---
 8 files changed, 28 insertions(+), 54 deletions(-)
Comment 6 Juraj Lutter freebsd_committer freebsd_triage 2022-03-16 21:49:33 UTC
Committed, thanks.