[Exim] TLS verification not working between exim3 and exim4 …

Author: Dan McGrath
Date:  
To: exim-users
Subject: [Exim] TLS verification not working between exim3 and exim4 machines
Sorry, one other problem...

My server runs exim3, and my backup MX (friend) runs exim4. Now we both can send using TLS fine with verification off, but as soon as I enabled it I get the error (private info forged):

2004-06-12 06:37:37 TLS error on connection from www.example.org (smtp.example.org) [10.0.0.2] (SSL_accept): error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate

and then he proceeds to fall back to non-TLS mode to send. The way I got his cert was to get a copy of it in email, and I placed it in /etc/exim/certificates. I also tried <hash>.0 in a dir as well, with the same results. Below is a copy of my TLS-related settings; can anyone see anything wrong?

# TLS settings
tls_certificate = /etc/exim/exim.crt
tls_privatekey = /etc/exim/exim.key
tls_advertise_hosts = *
tls_log_peerdn = true
tls_verify_certificates = /etc/exim/certificates
#tls_hosts = smtp.example.com
tls_verify_hosts = smtp.example.com


The tls_hosts is only disabled temp since it's broken, of course. But when I disable tls_verify_hosts, he connects fine. I assume it's a problem with the certificate he sent me not matching what's in /etc/exim/certificates? Any help would be appreciated. Thanks.


troubled