[exim-dev] [Bug 1413] tls_verify_certificates = {forced fail…

Top Page
This message is part of the following thread:
M+++\the complete thread tree sorted by date
MMMMMHeiko Schlittermann at <-
Wolfgang Breyha at ->
Delete this message
Reply to this message
Author: Wolfgang Breyha
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1413] tls_verify_certificates = {forced failure} but Exim still tries to verify the certificate.
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1413

Wolfgang Breyha <wbreyha@???> changed: 

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wbreyha@???





--- Comment #2 from Wolfgang Breyha <wbreyha@???> 2013-11-07 23:43:57 ---

I think this is a GnuTLS specific problem. The OpenSSL code doesn't set the
callback function for verification if the expansion fails in setup_certs().

But the GnuTLS code is different and sets (4.80:tls-gnu.c:1574)
state->verify_requirement = VERIFY_REQUIRED;
based on verify_certs != NULL only regardless of the result of the string
expansion of tls_verify_certificates.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 1413] tls_verify_certificates = {forced failure} but Exim still tries to verify the certificate.[exim-dev] [Bug 1413] tls_verify_certificates = {forced failure} but Exim still tries to verify the certificate.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)