Hello,
I've just added the new tls_crl parameter to my working Exim 4.41
configuration (main and transport section) which points to my local
crl.pem file.
Everything seems to work properly except if I want to use TLS for an
external smarthost connection. It seems to me as if the new function
not only checks the local crl it also tries to read the crl from the
certificate?!
But the providers crl are often made available in DER format and not
PEM format. Therefore I think they cannot be read by Exim. This is the
debug error message:
7492 SSL verify error: depth=0 error=unable to get certificate CRL
cert=/C=DE/2.5.4.17=51149/ST=Nordrhein-Westfalen/L=Koeln/2.5.4.9=Koelner
Strasse 159/O=Ralph Bieler/OU=Hosted by Panther
SoftWorks/OU=InstantSSL/CN=ks2.kdsrv.de
7492 SSL info: SSLv3 read server certificate B
7492 SSL info: SSLv3 read server certificate B
7492 SSL info: SSLv3 read server certificate B
7492 LOG: MAIN
7492 TLS error on connection to ks2.kdsrv.de [213.131.252.201]
(SSL_connect): error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
7492 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1
first_address=135248592
Has anyone else tested this new feature and can confirm my experiences?
Juergen
--
Mail: juergen.edner@???
GPG Key available
