Συντάκτης: Bernhard Erdmann Ημερομηνία: Προς: exim-users Αντικείμενο: [Exim] using other parties self-signed certificate when delivering to them
using TLS
Hi,
I'd like to have Exim verify the certificates of certain hosts it
delivers mail to and not to verify the certificates of other hosts
saying STARTTLS.
So far it sets up a TLS session to the hosts which certificates are
required to be verified. But it fails to set up a TLS session to other
hosts:
2004-03-29 13:56:51 1B7vNr-0004FH-Co SSL verify error: depth=0
error=self signed certificate
cert=/C=DE/ST=BW/L=Karlsruhe/O=Schlund+Partner
AG/OU=Systemadministration/CN=mxintern.schlund.de/Email=Postmaster@???
2004-03-29 13:56:51 1B7vNr-0004FH-Co TLS error on connection to
mxintern0.schlund.de [212.227.126.201] (SSL_connect): error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2004-03-29 13:56:51 1B7vNr-0004FH-Co TLS session failure: delivering
unencrypted to mxintern0.schlund.de [212.227.126.201] (not in
hosts_require_tls)
hosts_require_tls: hostnames where TLS is required
hosts_avoid_tls: hostnames of improperly configured hosts
tls_verify_certificates: CA certificate of hosts in hosts_require_tls
In the above example, I'd like to deliver mails using TLS to
mxintern0.schlund.de but not to care about their self-signed certificate.
