Re: [Exim] TLS: no luck with verifying clients

Top Pagina
Delete this message
Reply to this message
Auteur: Calum Mackay
Datum:  
Aan: Jonathan G - Mailing List
CC: exim-users
Onderwerp: Re: [Exim] TLS: no luck with verifying clients
This is a cryptographically signed message in MIME format.
--
Hi Jonathan,

thanks for replying...

> i have running Exim 4.22 + Exiscan-ACL with TSL support (AES256-SHA1)
> and i have experienced a similar problem. The solution in my case were
> so easy. Be sure the cert file have enough permision to be read by the
> user that runs Exim and (in you want) if it's owned bu such user.


Yup, I'd already checked this, but it's a good idea.

> If you want to know how i have configured TSL in my Exim box just go to
> http://www.surestorm.com/data/Exim_exim.conf.html and take a look. I use
> TLS to encrypt the session and avoid send user and password in clear,
> just this.


I think we might be at cross-purposes; as far as I can see from looking
at your config, you don't actually do any client certificate
verification. This would require either of the following options:

    tls_verify_hosts =
    tls_try_verify_hosts =


neither of which you have in your config file.

You do have TLS working, without client verification, I see; fortunately
I've been able to get that far too. It's the client verification I'm
having trouble with.

As a final point, you don't seem to be using your remote_tlssmtp
transport; is this intentional?

cheers,
Calum.
--
Content-Description: S/MIME Cryptographic Signature

[ smime.p7s of type application/x-pkcs7-signature deleted ]
--