Hi all,
I 've compiled exim with tls/ssl support. I generated the self signed
ceritificate and Host key/par. (ca.key {ca.csr} and ca.crt)
Then added the lines in exim.conf to make it work. Everything fine
until this: if i use " tls_try_verify_hosts = * " , I can send and
receive emails without any problem, all using ssl.
But if I want to use "tls_verify_hosts = * " and not the other option,
is just like tls_verify_certificates didn't work.
I 'm not very expertise in this field, so any help will be appreciated.
(sorry for my english :) )
17:01:02 12431 250-SIZE 52428800
17:01:02 12431 250-8BITMIME
17:01:02 12431 250-PIPELINING
17:01:02 12431 250-AUTH LOGIN PLAIN
17:01:02 12431 250-STARTTLS
17:01:02 12431 250 HELP
17:01:02 12431 SMTP<< STARTTLS
17:01:02 12431 ---0 Rst 0x81a38c0 ** smtp_in.c 788 24600
17:01:02 12431 tls_certificate file
/var/spool/exim/CA/fesprueba.lc-2.la.inter.net.crt
17:01:02 12431 tls_privatekey file
/var/spool/exim/CA/fesprueba.lc-2.la.inter.net.key
17:01:02 12431 Initialized TLS
17:01:02 12431 ---0 Get 0x81a38c0 32 string.c 345
17:01:02 12431 host in tls_verify_hosts? yes (matched "*")
17:01:02 12431 SMTP>> 220 TLS go ahead
17:01:02 12431 Calling SSL_accept
17:01:02 12431 SSL info: before/accept initialization
17:01:02 12431 SSL info: before/accept initialization
17:01:02 12431 SSL info: SSLv3 read client hello A
17:01:02 12431 SSL info: SSLv3 write server hello A
17:01:02 12431 SSL info: SSLv3 write certificate A
17:01:02 12431 SSL info: SSLv3 write certificate request A
17:01:02 12431 SSL info: SSLv3 flush data
17:01:02 12431 SSL info: SSLv3 read client certificate B
17:01:02 12431 SSL info: SSLv3 read client certificate B
17:01:02 12431 SSL info: SSLv3 read client certificate B
17:01:02 12431 LOG: MAIN
17:01:02 12431 TLS error on connection from (interjhxbcokee)
[200.117.243.64]:4788 (SSL_accept): error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
--
Guillermo Llenas
