Re: [exim] Exim + (GNU)TLS + Outlook + tls_try_verify_hosts

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Exim + (GNU)TLS + Outlook + tls_try_verify_hosts
Hello Phil,

Phil Pennock <exim-users@???> (Sa 20 Jun 2009 04:20:22 CEST):
> On 2009-06-19 at 16:00 +0200, Heiko Schlittermann wrote:
> >         14450 LOG: MAIN
> >         14450   TLS error on connection from p54b3640b.dip.t-dialin.net (hopperxp) [84.179.100.11] (SSL_accept): error:00000000:lib(0):func(0):reason(0)

>
> I've a vague recollection that this means there wasn't an SSL problem,
> the connection just went away with a clean SSL shutdown; I'm not more
> than 60% sure of this though.
>
> I suspect that the client is just ending when it's asked for a client
> cert.


Yes, this is what I start thinking, because it does not seem to depend
on GNUTLS vs. OpenSSL, and it happens whenever the client gets asked
for the cert. I'm not sure if Outlook Express is choked on being asked
for a cert?

The confusing part is that it works on some other server with older
GNUTLS and older Exim... so I suspect it's not *only* Outlook that
I have to blame here, it's probably myself too...

> > * Now the client seems to start a new session, probably w/o TLS, but this fails
> > * on some sync issue:
>
> Yes, the client doesn't speak SMTP well enough to even wait for a

..
> You can work around this either with smtp_enforce_sync in the main
> config or in an ACL with "control = no_enforce_sync".


Yes, but if the first part (TLS) would work, we wouldn't encounter the
second part (sync issue)...

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -