[exim-dev] [Bug 1413] tls_verify_certificates = {forced fail…

Top Page
Delete this message
Reply to this message
Author: Wolfgang Breyha
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1413] tls_verify_certificates = {forced failure} but Exim still tries to verify the certificate.
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1413

Wolfgang Breyha <wbreyha@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wbreyha@???





--- Comment #2 from Wolfgang Breyha <wbreyha@???> 2013-11-07 23:43:57 ---

I think this is a GnuTLS specific problem. The OpenSSL code doesn't set the
callback function for verification if the expansion fails in setup_certs().

But the GnuTLS code is different and sets (4.80:tls-gnu.c:1574)
state->verify_requirement = VERIFY_REQUIRED;
based on verify_certs != NULL only regardless of the result of the string
expansion of tls_verify_certificates.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email