Hi,
I tried to use an smtp transport with tls_require_ciphers set (openssl).
Exim crashed with the following log line and the message was frozen.
2010-04-09 12:26:01 1O0BPV-0003bv-Gk == test@??? R=simple
T=remote_smtp defer (-1): smtp transport process returned non-zero
status 0x000b: terminated by signal 11
So I tried several combinations of tls_require_ciphers:
works: tls_require_ciphers=DES-CBC3-SHA
crash: tls_require_ciphers=ALL
crash: tls_require_ciphers=ALL:!LOW
crash: tls_require_ciphers=DES-CBC3-SHA:AES128-SHA
If I specified more than one explicit cipher, Exim crashed. A backtrace
showed it crashed in X509_get_subject_name(server_cert) in function
tls_client_start.
I added a little debugging and it showed that if one cipher is used,
server_cert = SSL_get_peer_certificate (ssl) gets a valid pointer. If
more than one pointer is used, server_cert is NULL and
X509_get_subject_name is called with a NULL pointer. I don't know if that
is the cause. But I am clueless now how to proceed. Attached are a core and
exim.conf.
libssl: 0.9.8g-13
exim: exim-4.69
Thanks
Martin

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d

begin acl

acl_check_rcpt:
  accept

acl_check_data:
  accept

begin routers

simple:
  driver = manualroute
  transport = remote_smtp
  route_list = * mail1.luputan.com

begin transports

remote_smtp:
  driver = smtp
  tls_require_ciphers = ALL

begin retry

# Address or Domain Error Retries
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators
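
Added example, not part of the original message and not Exim code: a small triage script that finds deliveries like the one logged above, where the transport process was killed by a signal, and decodes the logged status word. The function names are hypothetical, the sample log is constructed from the entry in the report, and the status decoding assumes the usual Unix wait-status layout.

```python
import re
import signal

# Constructed sample: the report's entry (wrapped as mailed) plus an unrelated one.
SAMPLE_LOG = """\
2010-04-09 12:26:01 1O0BPV-0003bv-Gk == test@??? R=simple
T=remote_smtp defer (-1): smtp transport process returned non-zero
status 0x000b: terminated by signal 11
2010-04-09 12:27:13 1O0BQf-0003cA-2x Completed
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
CRASH = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<msgid>\S+) == .*?"
    r"transport process returned non-zero status 0x(?P<status>[0-9a-fA-F]+)"
)
SIGNAMES = {s.value: s.name for s in signal.Signals}

def unwrap(text):
    """Rejoin log entries that were wrapped across several lines."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def decode_status(status):
    """Wait status -> (signal, core_flag, exit_code); assumes the usual Unix layout."""
    sig = status & 0x7F
    return sig, bool(status & 0x80), (status >> 8) & 0xFF

def field(entry, key):
    m = re.search(rf" {key}=(\S+)", entry)
    return m.group(1) if m else None

def find_transport_crashes(text):
    """Return one dict per delivery whose transport process died on a signal."""
    crashes = []
    for entry in unwrap(text):
        m = CRASH.match(entry)
        sig, core, _ = decode_status(int(m["status"], 16) if m else 0)
        if sig == 0:  # no match, or a plain non-zero exit rather than a signal
            continue
        crashes.append({"time": m["ts"], "msgid": m["msgid"], "core": core,
                        "signal": SIGNAMES.get(sig, f"signal {sig}"),
                        "router": field(entry, "R"), "transport": field(entry, "T")})
    return crashes
```

Grouping the result by transport and router shows which delivery path the crashing configuration belongs to.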