Re: [exim] tls_verify_certificates = {forced failure} but it…

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] tls_verify_certificates = {forced failure} but it tries to verify the cert anyway
Hello Phil,

Phil Pennock <pdp@???> (Do 07 Nov 2013 23:05:31 CET):
> On 2013-11-07 at 22:36 +0100, Heiko Schlittermann wrote:
> >     remote_smtp:
> >         driver = smtp
> >         hosts_require_tls = mout.foo.bar
> >         tls_verify_certificate = ${if eq{$host}{mout.foo.bar}{CF/mout.foo.bar-crt.pem}fail}

>
> That should be "tls_verify_certificates" with an 's' on the end.


Of course, the cut was not perfect.

> > The spec.txt states:
> >     All the TLS options in the smtp transport are expanded before use, with $host


> >     client is connected. Forced failure of an expansion causes Exim to behave as if
> >     the relevant option were unset.

>
> This is not currently the case for tls_verify_certificates, and does not
> appear to have been the case in the past.
>
> I believe that the documentation is correct and that this is thus a bug.
> Could you please file an issue?



Done.

--
Heiko