[Exim] Exim 4.12 and TLS using GnuTLS

Author: Sander Smeenk
Date:
To: exim-users
Subject: [Exim] Exim 4.12 and TLS using GnuTLS
Hi,

I recently compiled Exim 4.12 using GnuTLS.

I have enabled these TLS-related options:

| SUPPORT_TLS=yes
| USE_GNUTLS=yes
| TLS_LIBS=-lgnutls -ltasn1 -lgcrypt


Compilation succeeds without errors / warnings, and the resulting exim
binary *is* linked against 'gnutls', 'tasn1' and 'gcrypt':

| % ldd =exim

[..]
|        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40040000)

[..]
|        libgnutls.so.5 => /usr/lib/libgnutls.so.5 (0x40150000)
|        libtasn1.so.0 => /usr/lib/libtasn1.so.0 (0x40183000)
|        libgcrypt.so.1 => /usr/lib/libgcrypt.so.1 (0x40191000)


I have created certs with this command:

| % openssl req -x509 -newkey rsa:1024 -keyout exim.key -out exim.cert -days 0 -nodes


And a dhparam set with:

| % openssl dhparam -check -text -5 512 -out exim.dhparam


I have the following options set in my exim.conf:

| tls_advertise_hosts = *
| tls_certificate = /etc/exim/exim.crt
| tls_privatekey = /etc/exim/exim.key
| tls_dhparam = /etc/exim/exim.dhparam
| tls_log_cipher = true
| tls_log_peerdn = true
| auth_over_tls_hosts = *


I even tried with 'hostlist ' in front of tls_advertise_hosts and
auth_over_tls_hosts but still:

| % nc mx5.freshdot.net 25
| 220 mx5.freshdot.net ESMTP Exim 4.12 Sun, 26 Jan 2003 20:37:29 +0100
| EHLO localhost
| 250-mx5.freshdot.net Hello localhost [127.0.0.1]
| 250-SIZE 52428800
| 250-PIPELINING
| 250 HELP
| QUIT
| 221 mx5.freshdot.net closing connection


What's wrong? :|

My certs are readable.

With regards,
Sander

--
| Aggression comes back to you <-=|=-> you to back comes Aggression
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D
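
An added example, not part of the message above and not Exim code: a Python check that compares the `tls_*` file options from the quoted exim.conf with the files the two openssl commands wrote, and tests whether the quoted EHLO reply advertises STARTTLS. The function names are hypothetical, and `FILES_PRESENT` assumes the openssl output files were placed in /etc/exim under the names given to `-keyout` and `-out`.

```python
import re

# Constructed inputs: values quoted in the post, with the "| " prefix removed.
EXIM_CONF = """\
tls_advertise_hosts = *
tls_certificate = /etc/exim/exim.crt
tls_privatekey = /etc/exim/exim.key
tls_dhparam = /etc/exim/exim.dhparam
"""
EHLO_REPLY = """\
250-mx5.freshdot.net Hello localhost [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250 HELP
"""
# Assumption: the openssl output files sit in /etc/exim, not renamed.
FILES_PRESENT = {"/etc/exim/exim.cert", "/etc/exim/exim.key",
                 "/etc/exim/exim.dhparam"}
TLS_FILE_OPTIONS = ("tls_certificate", "tls_privatekey", "tls_dhparam")


def parse_options(conf_text):
    """Return {option: value} for simple 'name = value' config lines."""
    pattern = r"^[ \t]*([A-Za-z_]\w*)[ \t]*=[ \t]*(.*?)[ \t]*$"
    return dict(re.findall(pattern, conf_text, re.MULTILINE))


def ehlo_extensions(reply):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    # The first 250 line is the greeting; each later line carries a keyword.
    return {m.group(1).upper() for l in lines[1:]
            if (m := re.match(r"250[- ](\S+)", l))}


def audit(conf_text, reply, files_present):
    """List mismatches between the TLS options, the files and the EHLO reply."""
    opts = parse_options(conf_text)
    findings = [f"{name}: {opts[name]} not found"
                for name in TLS_FILE_OPTIONS
                if name in opts and opts[name] not in files_present]
    if opts.get("tls_advertise_hosts") and "STARTTLS" not in ehlo_extensions(reply):
        findings.append("tls_advertise_hosts is set but EHLO lacks STARTTLS")
    return findings


if __name__ == "__main__":
    for finding in audit(EXIM_CONF, EHLO_REPLY, FILES_PRESENT):
        print(finding)
```

The two findings are reported independently; the check does not establish that one causes the other.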