[Exim] error using tls_crl parameter

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Juergen Edner
Dátum:  
Címzett: exim-users
Tárgy: [Exim] error using tls_crl parameter
Hello,
I've just added the new tls_crl parameter to my working Exim 4.41
configuration (main and transport section) which points to my local
crl.pem file.
Everything seems to work properly except if I want to use TLS for an
external smarthost connection. It seems to me as if the new function
not only checks the local crl it also tries to read the crl from the
certificate?!

But the providers crl are often made available in DER format and not
PEM format. Therefore I think they cannot be read by Exim. This is the
debug error message:

    7492 SSL verify error: depth=0 error=unable to get certificate CRL
cert=/C=DE/2.5.4.17=51149/ST=Nordrhein-Westfalen/L=Koeln/2.5.4.9=Koelner
Strasse 159/O=Ralph Bieler/OU=Hosted by Panther
SoftWorks/OU=InstantSSL/CN=ks2.kdsrv.de


    7492 SSL info: SSLv3 read server certificate B
    7492 SSL info: SSLv3 read server certificate B
    7492 SSL info: SSLv3 read server certificate B
    7492 LOG: MAIN
    7492   TLS error on connection to ks2.kdsrv.de [213.131.252.201]
      (SSL_connect): error:14090086:SSL
    routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    7492 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1
      first_address=135248592


Has anyone else tested this new feature and can confirm my experiences?

Juergen
--
Mail: juergen.edner@???
GPG Key available