Re: [exim] verifying certificate information

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Martin A. Brooks
Date:  
À: Martin A. Brooks, Exim Users
Sujet: Re: [exim] verifying certificate information
Phil Pennock wrote:
> If stuck with an older openssl which doesn't wait for the SMTP
> connection banner when using -starttls, and if you have Perl with
> Net::SSLeay available, then:
>
> http://people.spodhuis.org/phil.pennock/software/smtp_tls_cert.pl


Perfect, that does exactly what I need. thankyou. The certificate shown
is the correct one.

It does leave me with another question though. I have one machine that
uses a self-generated certificate and in the log file of remote servers,
I see entries like this when it sends email:

2008-06-15 10:41:16 1K7ojY-0000Ac-B1 => martin@???
R=hubbed_hosts_postgres T=remote_smtp H=fish.clues.ltd.uk [80.68.93.86]
X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="C=GB,ST=London,L=London,O=Clues
Ltd,CN=fish.clues.ltd.uk,EMAIL=hostmaster@???"

Note the certificate information in the DN="" part of the log file.
When I send email via the host that is using a "real" certificate, that
value is blank In the logging options +tls_peerdn is set in both
machines. Is there another option somewhere I've missed for this?



-- 
Martin A. Brooks |  http://www.antibodymx.net/ | Anti-spam & anti-virus
   Consultant    |  martin@???      | filtering. Inoculate
 antibodymx.net  |  m: +447792493388           | your mail system.