[Exim] Unexpected behaviour with empty tls_verify_certificat…

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: 236478, fsmla, exim-users
Old-Topics: [Exim] Re: Bug#236478: Unexpected behaviour with empty tls_verify_certificates file/directory
Subject: [Exim] Unexpected behaviour with empty tls_verify_certificates file/directory
On 2004-03-06 "J.H.M. Dassen (Ray)" <fsmla@???> wrote:
[...]
> AFAICT the problem is in the way src/tls-gnu.c's tls_init() tries to set up
> the trusted CAs. Basically it just hands the job off to
> gnutls_certificate_set_x509_trust_file.


> That function returns GNUTLS_E_FILE_ERROR when passed the name of an empty
> file. Also strace-ing of test code (see attachment) suggests it isn't
> intended to handle a directory at all.


> Exim's documentation says `tls_verify_certificates' may point to a directory
> as well - presumably that was written based on the OpenSSL implementation.


Exim's documentation says *very* clearly that using a directory is
OpenSSL-only.
                    cu andreas