[exim-dev] [Bug 1489] ${certextract} parse error (4.83 RC1)

Author: Mike Cardwell
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1489] ${certextract} parse error (4.83 RC1)
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1489

--- Comment #7 from Mike Cardwell <exim-users@???> 2014-06-05 14:26:53 ---
(In reply to comment #5)

> The "sig_algorithm" result is that given by the OpenSSL library for the calls
>
> OBJ_nid2ln(X509_get_signature_type((X509 *)cert))
>
> not a result of a parse error by the exim code. It might be worthwhile asking
> on the OpenSSL mailing list when this result string can be returned.


A quick google found somebody else who is seeing this and how they fixed it:

https://stackoverflow.com/questions/19394151/how-to-get-the-cipher-signature-after-ssl-handshake

That might be a starting point.

> The bunch of crap returned for the "signature" result comes from the call
>
>   X509_print_ex(bp, (X509 *)cert, 0,
>    X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION | X509_FLAG_NO_SERIAL |
>    X509_FLAG_NO_SIGNAME | X509_FLAG_NO_ISSUER | X509_FLAG_NO_VALIDITY |
>    X509_FLAG_NO_SUBJECT | X509_FLAG_NO_PUBKEY | X509_FLAG_NO_EXTENSIONS |
>    /* X509_FLAG_NO_SIGDUMP is the missing one */
>    X509_FLAG_NO_AUX)
>
> I'm sorry it's not what you expected; any suggestion for improvement will be
> welcome.


I expected it to return the SHA256 fingerprint of the client cert. However, I
realise now what I was looking for was actually:

${sha256:$tls_in_peercert}

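As an added illustration (not code from the bug report, Exim or OpenSSL), the following Python walks the DER structure of a certificate to show which field each of the quoted ${certextract} results is taken from (the signatureAlgorithm OID behind "sig_algorithm" and the signature BIT STRING behind "signature") and why the SHA-256 fingerprint that ${sha256:$tls_in_peercert} gives is something else: a hash over the whole DER encoding. The sample certificate bytes are constructed for the example and are not a real certificate.

```python
import hashlib

def der_tlv(tag, body):
    """Encode one DER TLV (short-form length, enough for the sample)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def parse_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV at pos; handles long lengths."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        num = n & 0x7F
        n = int.from_bytes(buf[pos:pos + num], "big")
        pos += num
    return tag, buf[pos:pos + n], pos + n

def decode_oid(body):
    """Decode DER OID contents into dotted form, e.g. 1.2.840.113549.1.1.11."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def split_certificate(der):
    """Return (tbsCertificate, signatureAlgorithm OID, signature bytes)."""
    _, outer, _ = parse_tlv(der)                 # Certificate SEQUENCE
    _, tbs, pos = parse_tlv(outer)               # tbsCertificate
    _, alg, pos = parse_tlv(outer, pos)          # signatureAlgorithm SEQUENCE
    _, oid, _ = parse_tlv(alg)                   # AlgorithmIdentifier.algorithm
    _, sig, _ = parse_tlv(outer, pos)            # signature BIT STRING
    return tbs, decode_oid(oid), sig[1:]         # skip the unused-bits octet

def sha256_fingerprint(der):
    """What ${sha256:$tls_in_peercert} yields: SHA-256 over the whole DER."""
    return hashlib.sha256(der).hexdigest()

# Constructed, minimal certificate-shaped DER (not a real certificate): placeholder
# tbsCertificate, sha256WithRSAEncryption as algorithm, 16 constructed signature bytes.
SHA256_RSA_OID = bytes.fromhex("2a864886f70d01010b")
SAMPLE_CERT = der_tlv(0x30,
    der_tlv(0x30, der_tlv(0x02, b"\x01"))
    + der_tlv(0x30, der_tlv(0x06, SHA256_RSA_OID) + der_tlv(0x05, b""))
    + der_tlv(0x03, b"\x00" + bytes(range(16))))

if __name__ == "__main__":
    tbs, oid, sig = split_certificate(SAMPLE_CERT)
    print("sig_algorithm OID:", oid)           # 1.2.840.113549.1.1.11
    print("signature:", sig.hex())              # the raw signature bytes
    print("fingerprint:", sha256_fingerprint(SAMPLE_CERT))
```

Feeding a real DER certificate (for example the bytes of $tls_in_peercert) into split_certificate() separates the same three fields; the fingerprint never equals the signature because it is computed over tbsCertificate, algorithm and signature together.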