On Fri, 23 Jan 2004, Mark Foster wrote:
> It appears that the $tls_certificate_verified is being set to 1 even if the
> client certificate is expired. See http://test.smtp.org/ for more info.
> Can anyone confirm?
>
> 2004-01-23 09:21:55 SSL verify error: depth=0 error=certificate has expired cert=/C=US/ST=California/L=Emeryville/O=test.smtp.org/CN=test.smtp.org/emailAddress=postmaster@???
> 2004-01-23 09:21:55 SSL verify error: depth=0 error=certificate has expired cert=/C=US/ST=California/L=Emeryville/O=test.smtp.org/CN=test.smtp.org/emailAddress=postmaster@???
> 2004-01-23 09:21:55 H=horsey.gshapiro.net (test.smtp.org) [64.105.95.154] Warning: verified peer dn /C=US/ST=California/L=Emeryville/O=test.smtp.org/CN=test.smtp.org/emailAddress=postmaster@???
> 2004-01-23 09:21:58 1Ak50F-000PIX-Th <= <> H=horsey.gshapiro.net (test.smtp.org) [64.105.95.154] P=esmtp X=TLSv1:AES256-SHA:256 DN="/C=US/ST=California/L=Emeryville/O=test.smtp.org/CN=test.smtp.org/emailAddress=postmaster@???" S=3390 id=200401231721.i0NHLpQr086509@???
Odd that it logs a verify error and still thinks it verified. Problem
noted. Hopefully one day I'll get time to check it out. (I'm feeling
rather snowed under just at the moment.)
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
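
The contradiction in the quoted log (a verify error for a certificate, then the same DN reported as verified and the message accepted) can be searched for in an Exim main log. The script below is an added example, not part of the original message or of Exim; its line patterns follow the excerpt above, and the sample log lines, placeholder DNs and 60-second correlation window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Line shapes taken from the Exim main-log excerpt quoted above.
TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
VERIFY_ERR = re.compile(TS + r"SSL verify error: depth=(\d+) error=(.+?) cert=(.+)$")
VERIFIED = re.compile(TS + r".*Warning: verified peer dn (.+)$")
ACCEPTED = re.compile(TS + r'(\S+) <= .* DN="([^"]+)"')

# Constructed sample log (not real data); DNs, hosts and ids are placeholders.
DN = "/C=US/O=Example Org/CN=mail.example.org"
SAMPLE_LOG = [
    "2004-01-23 09:21:55 SSL verify error: depth=0 error=certificate has expired cert=" + DN,
    "2004-01-23 09:21:55 H=client.example.org [192.0.2.10] Warning: verified peer dn " + DN,
    '2004-01-23 09:21:58 1AAAAA-000000-00 <= <> H=client.example.org [192.0.2.10] '
    'P=esmtp X=TLSv1:AES256-SHA:256 DN="' + DN + '" S=3390',
    "2004-01-23 09:30:00 H=ok.example.net [192.0.2.20] Warning: verified peer dn /CN=ok.example.net",
]

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def find_contradictions(lines, window=timedelta(seconds=60)):
    """Return (error, dn, evidence) where a DN that failed verification is
    logged as verified or accepted within `window` of the failure."""
    failed = {}  # dn -> (time of latest depth-0 verify error, error text)
    findings = []
    for line in lines:
        line = line.rstrip("\n")
        m = VERIFY_ERR.match(line)
        if m:
            if m.group(2) == "0":  # only depth 0 names the peer's own DN
                failed[m.group(4)] = (parse_ts(m.group(1)), m.group(3))
            continue
        m = VERIFIED.match(line)
        if m:
            when, dn, evidence = parse_ts(m.group(1)), m.group(2), "verified peer dn"
        else:
            m = ACCEPTED.match(line)
            if not m:
                continue
            when, dn, evidence = parse_ts(m.group(1)), m.group(3), "accepted " + m.group(2)
        if dn in failed and when - failed[dn][0] <= window:
            findings.append((failed[dn][1], dn, evidence))
    return findings

if __name__ == "__main__":
    for error, dn, evidence in find_contradictions(SAMPLE_LOG):
        print(f"{evidence}: {dn} despite '{error}'")
```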