[Exim] Re: Bug#236478: Unexpected behaviour with empty tls_v…

Author: J.H.M. Dassen (Ray)
Date:  
To: 236478
CC: Andreas Metzler, exim-users
New-Topics: [Exim] Unexpected behaviour with empty tls_verify_certificates file/directory
Subject: [Exim] Re: Bug#236478: Unexpected behaviour with empty tls_verify_certificates file/directory
--
On Sat, Mar 06, 2004 at 16:57:45 +0100, Andreas Metzler wrote:
> I've double-checked (4.30, GnuTLS10) and the report is indeed correct.


AFAICT the problem is in the way src/tls-gnu.c's tls_init() tries to set up
the trusted CAs. Basically it just hands the job off to
gnutls_certificate_set_x509_trust_file.

That function returns GNUTLS_E_FILE_ERROR when passed the name of an empty
file. Also strace-ing of test code (see attachment) suggests it isn't
intended to handle a directory at all.

Exim's documentation says `tls_verify_certificates' may point to a directory
as well - presumably that was written based on the OpenSSL implementation.

Ray
--
Gartner is what you get when you pipe statistics through consultants.
    - jtv
--
[ Content of type text/x-csrc deleted ]
--
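Added example, not part of the original message and not the deleted attachment or Exim's code: a pre-flight check that tells the two cases described above (an empty file, a directory) apart before the path reaches a loader that expects a CA file. The names `classify_trust_path`, `trust_kind_name`, `classify_sample` and the `TRUST_*` codes are hypothetical, and the sample file contents are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical result codes for this example; not Exim or GnuTLS names. */
enum trust_kind { TRUST_MISSING, TRUST_DIRECTORY, TRUST_NOT_REGULAR,
                  TRUST_EMPTY_FILE, TRUST_FILE_PRESENT };

/* Classify the path before it is handed to a loader that expects a CA file. */
enum trust_kind classify_trust_path(const char *path)
{
    struct stat st;
    if (path == NULL || stat(path, &st) != 0) return TRUST_MISSING;
    if (S_ISDIR(st.st_mode))  return TRUST_DIRECTORY;   /* a file loader will not scan it */
    if (!S_ISREG(st.st_mode)) return TRUST_NOT_REGULAR;
    if (st.st_size == 0)      return TRUST_EMPTY_FILE;  /* the GNUTLS_E_FILE_ERROR case */
    return TRUST_FILE_PRESENT; /* non-empty only; parsing is still the loader's job */
}

const char *trust_kind_name(enum trust_kind k)
{
    static const char *names[] = { "missing", "directory", "not a regular file",
                                   "empty file", "non-empty file" };
    return names[k];
}

/* Write constructed sample contents to a temp file, classify it, clean up. */
enum trust_kind classify_sample(const char *contents)
{
    char path[] = "/tmp/trustcheck-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return TRUST_MISSING;
    size_t len = strlen(contents);
    ssize_t n = write(fd, contents, len);
    close(fd);
    enum trust_kind k = (n == (ssize_t)len) ? classify_trust_path(path) : TRUST_MISSING;
    unlink(path);
    return k;
}

int main(void)
{
    printf("empty sample:     %s\n", trust_kind_name(classify_sample("")));
    printf("non-empty sample: %s\n",
           trust_kind_name(classify_sample("-----BEGIN CERTIFICATE-----\n")));
    printf("/tmp:             %s\n", trust_kind_name(classify_trust_path("/tmp")));
    return 0;
}
```

Logging the classification next to the loader's return code makes it clear whether certificate verification was configured with no trust anchors at all or with a path the loader cannot read.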