[exim-dev] [Bug 786] tls_verify_hosts not verifying X509 sig…

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 786] tls_verify_hosts not verifying X509 signed from Outlook 2007
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=786




--- Comment #1 from Andreas Metzler <eximusers@???> 2008-12-01 18:32:57 ---
--------------
The following is an example from /var/log/exim4/mainlog when
MAIN_TLS_VERIFY_HOSTS = * is set. Encrypted, signed (via client certificates)
TLS email is not relayed to local ldap users.

2008-12-01 16:07:15 [23561] SMTP connection from [client_ip]:3000
I=[server_ip]:587 (TCP/IP connection count = 1)
2008-12-01 16:07:15 [23570] TLS error on connection from client_FQDN
(client_hostname_short) [client_ip]:3000 (gnutls_handshake): The peer did not
send any certificate.
--------------

I think you are misunderstanding what the option is about. This does not make
exim parse incoming mails and check their signatures.

A client connecting via a TLS/SSL can provide a certificates to authenticate
this connection. I doubt that MUAs like Outlook can even be configured to do
this.

cu andreas


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email