Guillermo Llenas wrote:
>
>
> Hi all,
>
>
> I 've compiled exim with tls/ssl support. I generated the self signed
> ceritificate and Host key/par. (ca.key {ca.csr} and ca.crt)
> Then added the lines in exim.conf to make it work. Everything fine
> until this: if i use " tls_try_verify_hosts = * " , I can send and
> receive emails without any problem, all using ssl.
>
> But if I want to use "tls_verify_hosts = * " and not the other option,
> is just like tls_verify_certificates didn't work.
[snip]
> 17:01:02 12431 TLS error on connection from (interjhxbcokee)
> [200.117.243.64]:4788 (SSL_accept): error:140890C7:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
>
It's saying that your client didn't supply a certificate.
For tls_verify_hosts the client must supply a valid cert. For
tls_try_verify_hosts it's not mandatory to supply a valid cert., the TLS
connection will be allowed.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@???
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555