[Exim] TLS verification fails

Author: Toshio Kumagai
Date:  
To: exim-users, Toshio_Kumagai
Subject: [Exim] TLS verification fails
Hi experts,

    Exim-3.22 with TLS/SSL is running great for me.
    But if I specify that the client certificate be verified,
    the SSL connection fails.
    Here's the log.


 client (192.168.1.3) side log:
2001-04-01 08:04:32 14jUQ4-0003I5-03 <= Toshio_Kumagai@??? \
    U=toshiok P=local S=422
2001-04-01 08:04:34 14jUQ4-0003I5-03 TLS error on connection to \
    cardamon [192.168.1.4] (SSL_connect): error:14094410:\
    SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
2001-04-01 08:04:34 14jUQ4-0003I5-03 failure while setting up TLS session
2001-04-01 08:04:34 14jUQ4-0003I5-03 == Toshio_Kumagai@??? \
    T=remote_smtp defer (-38): failure while setting up TLS session


 server (192.168.1.4) side log:
2001-04-01 08:04:33 TLS error on connection from (ginger) [192.168.1.3] \
    (SSL_accept): error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:\
    peer did not return a certificate


    Of course, exim.conf on the client has the following 2 lines


tls_certificate = /usr/local/ssl/certs/certificate
tls_privatekey = /usr/local/ssl/private/private.key

    and the server has this line.


tls_verify_certificates = /usr/local/lib/exim/certs/ginger

    I've copied the client's /usr/local/ssl/certs/certificate
    to /usr/local/lib/exim/certs/ginger on the server.


    It seems the client does not send the certificate to the
    server.
    What's wrong?


-- 
  Regards,
  Toshio Kumagai    (Toshio_Kumagai@???), Japan