Hi,
I recently compiled Exim 4.12 using GnuTLS.
I have enabled these TLS-related options:
| SUPPORT_TLS=yes
| USE_GNUTLS=yes
| TLS_LIBS=-lgnutls -ltasn1 -lgcrypt
Compilation succeeds without errors / warnings, and the resulting exim
binary *is* linked against 'gnutls', 'tasn1' and 'gcrypt':
| % ldd =exim
[..]
| libcrypt.so.1 => /lib/libcrypt.so.1 (0x40040000)
[..]
| libgnutls.so.5 => /usr/lib/libgnutls.so.5 (0x40150000)
| libtasn1.so.0 => /usr/lib/libtasn1.so.0 (0x40183000)
| libgcrypt.so.1 => /usr/lib/libgcrypt.so.1 (0x40191000)
I have created certs with this command:
| % openssl req -x509 -newkey rsa:1024 -keyout exim.key -out exim.cert -days 0 -nodes
And a dhparam set with:
| % openssl dhparam -check -text -5 512 -out exim.dhparam
I have the following options set in my exim.conf:
| tls_advertise_hosts = *
| tls_certificate = /etc/exim/exim.crt
| tls_privatekey = /etc/exim/exim.key
| tls_dhparam = /etc/exim/exim.dhparam
| tls_log_cipher = true
| tls_log_peerdn = true
| auth_over_tls_hosts = *
I even tried with 'hostlist ' in front of tls_advertise_hosts and
auth_over_tls_hosts but still:
| % nc mx5.freshdot.net 25
| 220 mx5.freshdot.net ESMTP Exim 4.12 Sun, 26 Jan 2003 20:37:29 +0100
| EHLO localhost
| 250-mx5.freshdot.net Hello localhost [127.0.0.1]
| 250-SIZE 52428800
| 250-PIPELINING
| 250 HELP
| QUIT
| 221 mx5.freshdot.net closing connection
What's wrong? :|
My certs are readable.
With regards,
Sander
--
| Aggression comes back to you <-=|=-> you to back comes Aggression
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D
