On 2014-11-26 Heiko Schlittermann <hs@???> wrote:
[...]
> tls_verify_certificates seems to cause some trouble. I'm talking about
> the main config option, but I assume that everything holds for the smtp
> driver option of the same name too.
> There are two (probably only loosely related issues):
> - The inconsistent results of not setting this option at all,
> having a forced failure, and setting it to an empty value.
> This could be talked about in another thread.
> - The confusing influence on loading a default trust store.
> This I'm talking about here and now …
[...]
Hello,
just to add another piece of the puzzle: Last time I checked
exim/openssl and exim/gnutls had a major difference in behavior with
respect to tls_(try)verify_certificates: exim/GnuTLS would send the
list of acceptable TLS certificates in the SSL handshake. If the list
is long enough, this breaks interconnectivity.
I do not know whether the code has changed since, though.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'