Re: [exim-dev] Exim 4.86 segfault on FreeBSD 10.2

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-dev
Subject: Re: [exim-dev] Exim 4.86 segfault on FreeBSD 10.2
On 28/09/15 15:18, Robert Blayzor wrote:
> One thing I have noticed going from 4.85 to 4.86 (perhaps this is coincidence) is that we’re seeing a lot more SSL verification errors:
>
> ie:
>
> exim[69814]: 1ZgZDk-000I9s-NG [2001:630:212:8::e:f0e] SSL verify error: depth=0 error=self signed certificate cert=/C=GB/ST=Cambridge/L=University of Cambridge/O=Exim Maintainers/CN=hummus.csx.cam.ac.uk
>
>
>
> Anyone know how to disable these? I’ve tried:
>
> tls_verify_hosts = !*
> tls_try_verify_hosts = !*


Probably coincidence; this is associated with the introduction of
name-checks on certificates. It turns out that far too many actors
who ought to know better are using certs that are invalid in this
respect.

See the tls_verify_cert_hostnames option if you want to disable the
checking.

There isn't a way at present to disable just the log noise; probably
not hard to code but I've just not gotten to it. RFE at bugs.exim.org
if you're interested, please.
--
Cheers,
Jeremy