Re: [exim] Received TLS cert status response, itself unverif…

Author: Chris Knadle
Date:  
To: exim-users
Subject: Re: [exim] Received TLS cert status response, itself unverifiable
Rob Gunther:
> I set up a new server (OK, several months back) it is an Exim server, the
> machine's sole purpose is to send/receive mail.
>
> I never fully put it into production because I see these strange errors in
> the logs sometimes:
>
> Received TLS cert status response, itself unverifiable
>
> It seems to occur when sending mail to some remote hosts.... but not all.
> A lot of traffic goes out using TLS and there is no issue.
>
> When I get this error it occurs before the message is sent. It will
> actually show the message as being sent using TLS successfully. Here is a
> little snippet.
>
> 2015-11-24 07:09:32 1a17jH-0005wb-FR Received TLS cert status response,
> itself unverifiable
> 2015-11-24 07:09:33 1a17jH-0005wb-FR => fvm@??? F=<
> donotreply@???> R=ik_r T=r_smtp S=4299 H=mail.safe.com
> [108.16.186.230] X=TLSv1:AES128-SHA:128 C="250 2.6.0 <1.0@???>
> [InternalId=66884] Queued mail for delivery"
> 2015-11-24 07:09:33 1a17jH-0005wb-FR Completed
>
> I did some Google searching, the only thing that shows up is Exim source
> code in github.


If you look at the code in src/src/tls-openssl.c this error seems to be
specific to an OCSP failure response.

https://github.com/Exim/exim/blob/master/src/src/tls-openssl.c

Did you set up OCSP SSL key checking on this box?

-- Chris

--
Chris Knadle
Chris.Knadle@???
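
An added example, not part of the original thread and not Exim code: a Python script that pairs each "Received TLS cert status response, itself unverifiable" warning with the next delivery line for the same message ID, to show which remote hosts trigger it and how often. The log lines are constructed (hosts, addresses and message IDs are made up), and attributing the warning to the next delivery of the same message is a heuristic assumed here.

```python
import re
from collections import defaultdict

WARNING = "Received TLS cert status response, itself unverifiable"
# Constructed sample in Exim mainlog layout; hosts, IPs and message IDs are made up.
SAMPLE_LOG = """\
2015-11-24 07:09:32 1a17jH-0005wb-FR Received TLS cert status response, itself unverifiable
2015-11-24 07:09:33 1a17jH-0005wb-FR => user@example.net F=<noreply@example.org> R=ik_r T=r_smtp S=4299 H=mx1.example.net [192.0.2.10] X=TLSv1:AES128-SHA:128 C="250 2.6.0 Queued mail for delivery"
2015-11-24 07:09:33 1a17jH-0005wb-FR Completed
2015-11-24 07:10:02 1a17jk-0005xA-2B => user@example.com F=<noreply@example.org> R=ik_r T=r_smtp S=1187 H=mx.example.com [198.51.100.7] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 C="250 OK"
2015-11-24 07:10:02 1a17jk-0005xA-2B Completed
2015-11-24 07:11:40 1a17lK-0005yQ-9C Received TLS cert status response, itself unverifiable
2015-11-24 07:11:41 1a17lK-0005yQ-9C => other@example.net F=<noreply@example.org> R=ik_r T=r_smtp S=2210 H=mx1.example.net [192.0.2.10] X=TLSv1:AES128-SHA:128 C="250 2.6.0 Queued mail for delivery"
2015-11-24 07:11:41 1a17lK-0005yQ-9C Completed
"""

# date, time, message ID, remainder of the line
LINE = re.compile(r"^\S+ \S+ ([0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) (.*)$")
# "=>" / "->" delivery lines carrying H=host [ip] and X=TLS cipher info
DELIVERY = re.compile(r"^(?:=>|->) .*?\bH=(\S+) \[([^\]]+)\].*?\bX=(\S+)")

def unverifiable_ocsp_hosts(log_text):
    """Return {(host, ip): {'warned': n, 'deliveries': n, 'ciphers': set}}."""
    pending = set()  # message IDs with a warning not yet tied to a delivery
    stats = defaultdict(lambda: {"warned": 0, "deliveries": 0, "ciphers": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msgid, rest = m.groups()
        if WARNING in rest:
            pending.add(msgid)
            continue
        d = DELIVERY.match(rest)
        if d:
            host, ip, cipher = d.groups()
            entry = stats[(host, ip)]
            entry["deliveries"] += 1
            entry["ciphers"].add(cipher)
            if msgid in pending:  # warning was logged just before this delivery
                pending.discard(msgid)
                entry["warned"] += 1
        elif rest == "Completed":
            pending.discard(msgid)  # never carry a warning past the message
    return dict(stats)

if __name__ == "__main__":
    for (host, ip), s in sorted(unverifiable_ocsp_hosts(SAMPLE_LOG).items()):
        print(f"{host} [{ip}] warned {s['warned']}/{s['deliveries']} {sorted(s['ciphers'])}")
```

A host that is warned on every TLS delivery points at that peer's status response rather than at intermittent local trouble.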