Re: [exim] My self signed cert seems to fail with american e…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Viktor Dukhovni
Datum:  
To: exim-users
Betreff: Re: [exim] My self signed cert seems to fail with american express
On Thu, Feb 20, 2014 at 07:23:19PM +0100, Andreas Metzler wrote:

> - The hostname in the certificate does NOT match 'mail1.merlins.org'
> verify error:num=10:certificate has expired
> notAfter=Jan 25 21:52:08 2014 GMT


With opportunistic TLS, none of this *should* matter. The SMTP
client completed the handshake and used the encrypted channel to
send EHLO and QUIT.

Of course it is possible that some SMTP clients apply certificate
expiration checks and/or name checks even for opportunistic TLS,
but they would have trouble sending email to a lot more domains
than merlins.org.

-- 
    Viktor.