The mailing list for listmasters using Sympa

[Etan Weintraub <address@concealed>]

We added the root certificate (and all the intermediate ones) to 
/etc/openldap/cacerts (individual files), and still get the same error. I 
also tried editing LDAPSource.pm and tried setting verify to none, and still 
got the same issue, so I don't believe this has to do with validating the SSL 
certificates. I can also state that prior to upgrade, and on our production 
boxes, this all works fine.

Any other ideas?

-Etan E. Weintraub
Information Security Architect
IT@Johns Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Davis Building Suite 3110B
Baltimore, MD 21209
Phone: 667-208-6309
E-mail: address@concealed

-----Original Message-----
From: address@concealed 
[mailto:address@concealed] On Behalf Of IKEDA Soji
Sent: Wednesday, July 22, 2015 1:41 AM
To: address@concealed
Subject: Re: [sympa-users] Encountered Error after 6.2.2 Upgrade

Hi,

On Tue, 21 Jul 2015 17:40:32 +0000
Ray Mathis <address@concealed> wrote:

> Hi David,
> 
> We did the update and the problem still exists.  Is there anything else we 
> can try?
<<snip>>

Directory or file specified by "capath" or "cafile" should contain
the certificate of CA that issued the certificate of LDAP server.
I suppose ca-bundle.crt does not contain certificate of private CA.

Regards,

--- Soji

> Raymond Mathis
> Systems Engineer
> Perimeter Email Security
> Enterprise Directory and Messaging Services
> Johns Hopkins University
> 667.208.6235
> 
> From: address@concealed 
> [mailto:address@concealed] On Behalf Of David Verdin
> Sent: Friday, July 17, 2015 4:23 AM
> To: Etan Weintraub <address@concealed>; address@concealed
> Subject: Re: [sympa-users] Encountered Error after 6.2.2 Upgrade
> 
> Hi Etan,
> 
> OK, We fixed this problem. The fix is in the 6.2.3 that was just released 
> yesterday. Just upgrade to 6.2.3 and it will be alright.
> 
> Regards,
> 
> David
> Le 15/07/15 15:29, Etan Weintraub a écrit :
> Hi-
> I'm Ray's co-admin on the system. In the sympa.conf we have the following:
> 
> ## The directory path use by OpenSSL for trusted CA certificates
> # was capath
> capath  /etc/openldap/cacerts
> 
> ##  This parameter sets the all-in-one file where you can assemble the 
> Certificates of Certification Authorities (CA)
> cafile  /usr/local/sympa/default/ca-bundle.crt
> 
> 
> If we try to add a ca_file or ca_path line to the sympa.conf file, we get 
> an error about those being undefined options.
> 
> -Etan E. Weintraub
> Information Security Architect
> IT@Johns Hopkins
> Johns Hopkins at Mt. Washington
> 5801 Smith Ave.<x-apple-data-detectors://4/>
> Davis Building Suite<x-apple-data-detectors://4/> 3110B
> Baltimore, MD 21209<x-apple-data-detectors://5/0>
> Phone: 667-208-6309<tel:667-208-6309>
> E-mail: address@concealed<mailto:address@concealed>
> 
> From: 
> address@concealed<mailto:address@concealed>
>  [mailto:address@concealed] On Behalf Of David Verdin
> Sent: Wednesday, July 15, 2015 5:20 AM
> To: address@concealed<mailto:address@concealed>
> Subject: Re: [sympa-users] Encountered Error after 6.2.2 Upgrade
> 
> Hi,
> 
> Theese two parameters are specified in sympa.conf.
> 
> You probably use LDAPS to reach your data sources. So it want to check the 
> the SSL connection.
> 
> Just set you ca_file parameter to the path to a valid AC file, somwhere on 
> the server. There is always one shipped with the distribution.
> 
> Regards,
> 
> David
> Le 14/07/15 21:29, Ray Mathis a écrit :
> Hey All,
> 
> After upgrading to 6.2.2 I ran into the following error when I went to one 
> of my list's subscriber page:
> 
> Jul  7 10:39:31 esgsympadev wwsympa[24418]: err main::#1629 > 
> main::do_sync_include#23312 > Sympa::List::sync_include#8059 > 
> Sympa::List::_load_list_members_from_include#7343 > 
> Sympa::List::_include_users_ldap#6632 > Sympa::Database::connect#148 > 
> (eval)#148 > Sympa::DatabaseDriver::LDAP::_connect#88 Neither ca_file nor 
> ca_path parameter is specified
> 
> The question is:  Where is the ca_file and ca_path parameters specified?
> 
> Any help provided would be greatly appreciated.
> 
> Thanks
> 
> Raymond Mathis
> Systems Engineer
> Perimeter Email Security
> Enterprise Directory and Messaging Services
> Johns Hopkins University
> 667.208.6235
> 
> 
> --
> A bug in Sympa? Quick! To the bug 
> tracker!<https://sourcesup.renater.fr/tracker/?group_id=23>
> [RENATER logo]
> 
> 
> David Verdin
> Études et projets applicatifs
> 
> 
> Tél : +33 2 23 23 69 71
> Fax : +33 2 23 23 71 21
> 
> www.renater.fr<http://www.renater.fr>
> 
> RENATER
> 263 Avenue du Gal Leclerc
> 35042 Rennes Cedex
> 
> 
> 
> --
> A bug in Sympa? Quick! To the bug 
> tracker!<https://sourcesup.renater.fr/tracker/?group_id=23>
> [RENATER logo]
> 
> 
> David Verdin
> Études et projets applicatifs
> 
> 
> Tél : +33 2 23 23 69 71
> Fax : +33 2 23 23 71 21
> 
> www.renater.fr<http://www.renater.fr>
> 
> RENATER
> 263 Avenue du Gal Leclerc
> 35042 Rennes Cedex
> 
> 

-- 
株式会社 コンバージョン  セキュリティ&OSSソリューション部   池田荘児
〒140-0014 東京都品川区大井1-49-15 アクセス大井町ビル4F
e-mail address@concealed  TEL 03-6429-2880
http://www.conversion.co.jp/

Attachment: smime.p7s
Description: S/MIME cryptographic signature