Autor: Bernhard ErdmannData: 2004-03-29 12:07 UTC A: exim-usersAssumpte: [Exim] using other parties self-signed certificate when delivering to them
using TLS
Hi,
I'd like to have Exim verify the certificates of certain hosts it
delivers mail to and not to verify the certificates of other hosts
saying STARTTLS.
So far it sets up a TLS session to the hosts which certificates are
required to be verified. But it fails to set up a TLS session to other
hosts:
2004-03-29 13:56:51 1B7vNr-0004FH-Co SSL verify error: depth=0
error=self signed certificate
cert=/C=DE/ST=BW/L=Karlsruhe/O=Schlund+Partner
AG/OU=Systemadministration/CN=mxintern.schlund.de/Email=Postmaster@???
2004-03-29 13:56:51 1B7vNr-0004FH-Co TLS error on connection to
mxintern0.schlund.de [212.227.126.201] (SSL_connect): error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2004-03-29 13:56:51 1B7vNr-0004FH-Co TLS session failure: delivering
unencrypted to mxintern0.schlund.de [212.227.126.201] (not in
hosts_require_tls)
remote_smtp:
driver = smtp
hosts_require_tls = /etc/exim/hosts_require_tls
hosts_avoid_tls = /etc/exim/hosts_avoid_tls
tls_verify_certificates = /etc/exim/tls_verify_certificates
The files contain:
hosts_require_tls: hostnames where TLS is required
hosts_avoid_tls: hostnames of improperly configured hosts
tls_verify_certificates: CA certificate of hosts in hosts_require_tls
In the above example, I'd like to deliver mails using TLS to
mxintern0.schlund.de but not to care about their self-signed certificate.
Regards,
Bernie