Re: [exim] tls_verify_certificates = {forced failure} but it…

Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [exim] tls_verify_certificates = {forced failure} but it tries to verify the cert anyway
On 2013-11-07 at 22:36 +0100, Heiko Schlittermann wrote:
>     remote_smtp:
>         driver = smtp
>         hosts_require_tls = mout.foo.bar
>         tls_verify_certificate = ${if eq{$host}{mout.foo.bar}{CF/mout.foo.bar-crt.pem}fail}


That should be "tls_verify_certificates" with an 's' on the end.

> The spec.txt states:
>
>     All the TLS options in the smtp transport are expanded before use, with $host
>     and $host_address containing the name and address of the server to which the
>     client is connected. Forced failure of an expansion causes Exim to behave as if
>     the relevant option were unset.


This is not currently the case for tls_verify_certificates, and does not
appear to have been the case in the past.

I believe that the documentation is correct and that this is thus a bug.
Could you please file an issue? (Am trying to focus on a talk right
now)