http://bugs.exim.org/show_bug.cgi?id=824
Summary: clarifications on tls_verify_certificates and opera
Product: Exim
Version: 4.69
Platform: x86
OS/Version: Linux
Status: NEW
Keywords: work:tiny
Severity: bug
Priority: medium
Component: TLS
AssignedTo: nigel@???
ReportedBy: pierre@???
CC: exim-dev@???

So I have a self-signed CA.
I have my server.crt and server.key files, signed by the CA.
I use the same ones for apache2, courier-imap-ssl, mysql and exim4.
I have a client.p12 file, signed by the CA, installed on the client side in Opera.
Access to https works well,
and it works with Firefox, Konqueror, and Safari, and even IE, on Gentoo,
Ubuntu, and even with XP...
Access to imap and mysql rocks.
But what a pain it is to configure exim to do the same...
Here is some of the exim config:

tls_advertise_hosts = *
tls_certificate = CONFDIR/exim.crt
tls_privatekey = CONFDIR/exim.key
tls_verify_certificates = /etc/ssl/certs
#tls_verify_certificates = CONFDIR/ca-bundle.crt
#tls_verify_certificates = CONFDIR/mellitech.pem
#tls_try_verify_hosts = *
tls_verify_hosts = *

If I'm right, all SMTP clients are advised to use STARTTLS, and all clients have
to show a certificate that is going to be verified by tls_verify_certificates.
That's where the confusion shows up...
A lot of forums/docs claim tls_verify_certificates has to be a CA, and only a
few talk about concatenated certificates or even the /etc/ssl/certs dir with the r_rehash
trick...
None of them works for me:
1/ a single file with the certificate inside (begins with -----BEGIN
CERTIFICATE----- and ends with -----END CERTIFICATE-----) gives TLS error on
connection from blablabla: certificate verification failed (invalid)
2/ the CA file gives the same
and
3/ the /etc/ssl/certs dir gives TLS error on connection from blablabla
(setup_certs): Error while reading file (which probably means I don't have
gnutls support....)
I would love to know why so many forums/docs talk about putting a CA file in
tls_verify_certificates while the official doc does not.
And if by any chance somebody knows how to fit the certificate in
tls_verify_certificates and validate my Opera client connection!
Any clue accepted.....
pierre
Oh, by the way, I use Opera 9.64...
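
Added example (not part of the original report, and not Exim code): an offline check, using the openssl command-line tool, of which trust-store layouts let a verifier accept a client certificate signed by a private CA. It covers the three layouts tried above (CA file, certificate file alone, hashed directory named the way OpenSSL's c_rehash does it). The CA, the client and all file names are constructed for the demo, and the results show OpenSSL's verifier only, so they apply on the assumption that Exim is linked against OpenSSL; a GnuTLS build may behave differently.

```shell
#!/bin/sh
# Added example: constructed throwaway CA and client certificate.
# Every file and subject name here is made up; nothing comes from the report.

make_pki() {  # $1 = work dir: create a CA, then a client cert signed by it
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -set_serial 1 -days 1 -out "$1/client.crt" 2>/dev/null
}

make_hashed_dir() {  # $1 = CA cert, $2 = dir: use the <subject-hash>.0 name c_rehash creates
    mkdir -p "$2" &&
    cp "$1" "$2/$(openssl x509 -noout -hash -in "$1").0"
}

check() {  # $1 = -CAfile or -CApath, $2 = trust location, $3 = certificate to verify
    # Match on the "OK" line rather than the exit status, which old releases got wrong.
    if openssl verify "$1" "$2" "$3" 2>/dev/null | grep -q ': OK$'; then
        echo ok
    else
        echo fail
    fi
}

run_demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" && make_hashed_dir "$d/ca.crt" "$d/certs" || { rm -rf "$d"; return 1; }
    # 1) issuing CA as the trust file
    # 2) the client certificate itself as the trust file (no issuer available)
    # 3) hashed directory containing the issuing CA
    echo "ca_file=$(check -CAfile "$d/ca.crt" "$d/client.crt")" \
         "leaf_file=$(check -CAfile "$d/client.crt" "$d/client.crt")" \
         "hashed_dir=$(check -CApath "$d/certs" "$d/client.crt")"
    rm -rf "$d"
}

run_demo
```

Running the same check against the real CA file and the certificate exported from client.p12 separates a wrong trust file from a problem in the mail server's own TLS setup.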