[Exim] Re: Bug#220773: exim4 won't send client-side certific…

Top Page
Delete this message
Reply to this message
Author: Noah Meyerhans
Date:  
To: Andreas Metzler, exim-users, Oliver Eikemeier, 220773
Subject: [Exim] Re: Bug#220773: exim4 won't send client-side certificates
--
On Mon, Nov 17, 2003 at 11:05:48AM +0100, Andreas Metzler wrote:
> > Otherwise, I'll take this up with the GNUTLS mailing lists. Though the
> > fact that GNUTLS works OK when talking to a sendmail+openssl server
> > makes me uncertain that even that is really the source of the problem.
>
> Is the problem reproducible depending on the software used by the
> remote host (sendmail+openssl or exim+openssl) or depending on a
> specific combination of client/server certificates?


It seems to depend strictly on software, not on certificates or other
configuration data (as far as I can tell). GNUTLS as a client (either
in exim or with gnutls-cli) won't send a certificate to an Exim4 server
built with OpenSSL. It will send it to a sendmail server built with
OpenSSL. In both cases the server will send its certificate to the
client, and the client indicates that it has verified the server's
certificate, but it won't send its own.

I haven't tried using GNUTLS on both ends of the connection, as none of
my exim servers are built with it.

>           cu and- you are using GnuTLS 0.8.12, aren't you? -dreas


Yes, I'm using the latest Debian sid packages of exim4-daemon-heavy and
GNUTLS.

noah

--
Noah Meyerhans                         System Administrator
MIT Computer Science and Artificial Intelligence Laboratory


--
Content-Description: Digital signature

[ signature.asc of type application/pgp-signature deleted ]
--