Re: [exim] TLS "certificate and the given key do not match"

Author: David Woodhouse
Date:  
To: Steve Madsen
CC: Exim-users, nmav
Subject: Re: [exim] TLS "certificate and the given key do not match"
On Tue, 2013-07-09 at 10:58 -0400, Steve Madsen wrote:
> For anyone that runs across this thread in the future, I have solved
> the problem and is it ever maddening.
>
> GNU TLS was choking on the contents of the certificate file because
> pasting them from an email added an extra space at the end of each
> line. I removed the spaces and Exim is happily using the certificate
> and key.
>
> Graeme, thanks for the push towards GNU TLS. There was just enough
> chatter about how GNU TLS is more strict than OpenSSL for me to
> ultimately discover the root cause.


Have you reported this as a bug upstream to GnuTLS? If OpenSSL accepts
these certs then it would seem sensible for GnuTLS to do so.

If *not*, then you end up with GnuTLS being suboptimal as a replacement
for OpenSSL for projects like Exim, because it doesn't let us remain
backward-compatible with existing setups.

Although you could also work out where the extra space came from, and
ensure you file a bug for that too. Cutting and pasting from email
shouldn't corrupt the contents.

--
dwmw2
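
A check for the failure described in this thread, as an added example that is not part of the original messages and is not Exim or GnuTLS code: it flags trailing whitespace on each line of a PEM file, confirms the body is valid base64 once cleaned, and returns the cleaned text. The function names and the sample input are assumptions made for illustration; the sample body is constructed placeholder bytes, not a real certificate.

```python
import base64
import re

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")

def lint_pem(text):
    """Return (findings, cleaned); findings is a list of (line_no, problem)."""
    findings, cleaned, label, body = [], [], None, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip(" \t\r")
        if line != raw:
            findings.append((no, "trailing whitespace"))
        cleaned.append(line)
        if label is None:
            m = BEGIN.match(line)
            if m:
                label, body = m.group(1), []
            continue
        m = END.match(line)
        if not m:
            body.append(line)
            continue
        if m.group(1) != label:
            findings.append((no, "END label does not match BEGIN"))
        try:
            # validate=True rejects any character outside the base64 alphabet
            base64.b64decode("".join(body), validate=True)
        except ValueError:
            findings.append((no, "body is not valid base64 after cleanup"))
        label = None
    if label is not None:
        findings.append((len(cleaned), "missing END line"))
    return findings, "\n".join(cleaned) + "\n"

def constructed_sample():
    """Constructed input: placeholder bytes, not a real certificate."""
    payload = base64.b64encode(bytes(range(96))).decode()
    lines = ["-----BEGIN CERTIFICATE-----"]
    lines += [payload[i:i + 64] for i in range(0, len(payload), 64)]
    lines.append("-----END CERTIFICATE-----")
    return "".join(l + " \n" for l in lines)  # one stray space per line

if __name__ == "__main__":
    problems, fixed = lint_pem(constructed_sample())
    for no, problem in problems:
        print(f"line {no}: {problem}")
```

Running the same check on the certificate and key files before pointing the MTA at them catches the pasted-from-email case before the TLS library reports a mismatch.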