Author: Calum Mackay Date: To: exim-users Subject: Re: [Exim] TLS: no luck with verifying clients
This is a cryptographically signed message in MIME format.
--
Philip Hazel wrote: > That seems to be the way its interactions with the TLS library turn out.
> If you try running with TLS debugging turned on (-d-all+tls) perhaps
> some more information might be forthcoming - I would hope it would be
> possible to deduce which certificate is causing the problem.
I tried running a daemon with:
diz # /usr/sbin/exim4 -C /var/lib/exim4/config.autogenerated -bd -q10m
-d-all+tls
but didn't get very much in the way of cert debugging:
6640 Connection request from 81.136.212.215 port 25529
6640 LOG: MAIN
6640 SMTP connection from [81.136.212.215]:25529 (TCP/IP connection
count = 1)
6640 1 SMTP accept process running
6640 child 6643 ended: status=0x0
6640 0 queue-runner processes now running
6640 Listening...
6644 Process 6644 is handling incoming connection from
[81.136.212.215]:25529
6644 Process 6644 is ready for new message
6644 initializing GnuTLS as a server
6644 read RSA and D-H parameters from file
6644 initialized RSA and D-H parameters
6644 certificate file = /etc/exim4/exim.crt
6644 key file = /etc/exim4/exim.key
6644 verify certificates = /etc/exim4/client_certs
6644 LOG: MAIN
6644 TLS error on connection from
host81-136-212-215.in-addr.btopenworld.com (bike.thegerhards.com)
[81.136.212.215]:25529 (setup_certs): Certificate parsing error.
6644 LOG: MAIN REJECT
6644 H=host81-136-212-215.in-addr.btopenworld.com
(bike.thegerhards.com) [81.136.212.215]:25529 rejected AUTH PLAIN
Z2VyaGFyZHMAZ2VyaGFyZHMAcG9zdC5wYXQ=: Require either CRAM-MD5 or TLS
encrypted connection
I'll try it again with +all, and see :)
cheers,
c.
--
Content-Description: S/MIME Cryptographic Signature
[ smime.p7s of type application/x-pkcs7-signature deleted ]
--