[Exim] error using tls_crl parameter

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Juergen Edner
Fecha:  
A: exim-users
Asunto: [Exim] error using tls_crl parameter
Hello,
I've just added the new tls_crl parameter to my working Exim 4.41
configuration (main and transport section) which points to my local
crl.pem file.
Everything seems to work properly except if I want to use TLS for an
external smarthost connection. It seems to me as if the new function
not only checks the local crl it also tries to read the crl from the
certificate?!

But the providers crl are often made available in DER format and not
PEM format. Therefore I think they cannot be read by Exim. This is the
debug error message:

    7492 SSL verify error: depth=0 error=unable to get certificate CRL
cert=/C=DE/2.5.4.17=51149/ST=Nordrhein-Westfalen/L=Koeln/2.5.4.9=Koelner
Strasse 159/O=Ralph Bieler/OU=Hosted by Panther
SoftWorks/OU=InstantSSL/CN=ks2.kdsrv.de


    7492 SSL info: SSLv3 read server certificate B
    7492 SSL info: SSLv3 read server certificate B
    7492 SSL info: SSLv3 read server certificate B
    7492 LOG: MAIN
    7492   TLS error on connection to ks2.kdsrv.de [213.131.252.201]
      (SSL_connect): error:14090086:SSL
    routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    7492 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1
      first_address=135248592


Has anyone else tested this new feature and can confirm my experiences?

Juergen
--
Mail: juergen.edner@???
GPG Key available