Re: [exim-dev] [exim] Next Exim release

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-dev@exim.org
Subject: Re: [exim-dev] [exim] Next Exim release
On 14/12/15 18:08, Viktor Dukhovni wrote:
> On Mon, Dec 14, 2015 at 06:00:10PM +0000, Jeremy Harris wrote:
>
>>> Is that a bug report? Or just a cosmetic difference? The only
>>> thing that comes to mind is that you have a newer OpenSSL which
>>> which makes more callbacks than before:
>>
>> No change in openssl version: 1.0.1k-fips 8 Jan 2015
>>
>> Not a functional problem. A small performance one,
>> assuming there is actually no good reason for multiple
>> nonfailing calls for each layer. Probably a support-call
>> generator, given that these callbacks are visible to
>> sysadmins via Exim's events facility - unless I invent
>> some way to filter them.
>
> Perhaps we should take this to the exim-dev list? Feel free to
> respond there instead.
>
> It would be great if you could describe what this particular case
> is doing (post the TLSA RRset in question, and the server certificate
> chain. I don't need the private keys, I can trigger DANE chain
> validation without an actual TLS handshake.
>


(pseudo-zonefile entry)

; full MX, sha256, TA-mode
DNSSEC mxdane256ta          MX  1  dane256ta
DNSSEC dane256ta            A      HOSTIPV4
DNSSEC _1225._tcp.dane256ta TLSA 2 0 1
b2c6f27f2d16390b4f71cacc69742bf610d750534fab240516c0f2deb4042ad4




(server cert file)

Bag Attributes
    friendlyName: server1.example.com
    localKeyID: 39 11 FB 30 22 36 42 DA FC D7 A2 8A 0C 60 83 2F 66 A7 B8 4E
subject=/CN=server1.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC0DCCAjmgAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
MzQwNVoXDTM4MDEwMTEyMzQwNVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyAGT263/ZlxGjPEi2BQj
DMa/86TF+zVzMfozEZNOLiX6Sov54fW5I0nXCm0CjACOelLa2Eos/vqffxu0w5hM
A8slRHrt0Gak7dJjwgKK/5NAQDrA+WnyJx/62u25299oCKk+egulCC0D3XczA89N
cLuz8iKvYnWT+rdnbFdAPdcCAwEAAaOCAQcwggEDMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AvZXhhbXBsZS5jb20vMGUGA1Ud
EQReMFyCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIiYWx0ZXJu
YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLmNvbYITc2VydmVyMS5leGFtcGxlLmNv
bTANBgkqhkiG9w0BAQUFAAOBgQBWOqQ8y+u4J8KQCHQTiNxIxrUs5Sa+W5HUZ+c8
SRLXRzDfmNtY7RiofUvbl0j1XH9wuTdjM/EkYnKSYPVu2ra8c8jC3NaVmr0WFqLv
CvHXQWj2rZha0P/ZG1GfWc4vPYTQ7ugr65syGg4CPswwiUQJKnWBRqe27X1B61pj
+pxY7w==
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: Signing Cert
subject=/O=example.com/CN=clica Signing Cert
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA1WhcNMzgw
MTAxMTIzNDA1WjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzwXsp
P4RsZUoDfQfm5O5bi5unhwl+BTrKIaOtl5TBxMau+qEdKa02DD7Bx6PCzLKhWiZ3
/MrO7V/cXIBun97dF5Zr5kk+HJk+y3es+xoPd3doknvGQEC/0cSGLcEC7aQ/bEqi
fw2CgEY5ffkEAnDrdvGGeqBfJJGft/tqmlZbeQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQEFBQADgYEA
Lq4cCtWMjqLHqf6lJUOBMsm+tgFcYDdxwkTquSZyUrbP1jrODkg5lQWNCdvB76B2
tZQfMJ3F/kct2EAfsKbHqN3f+DARqPAR2qtOqzl3Ou5+TJjExKgojjzIAPFQzswH
7v4aglpReaPBaVSNOZ7bMn/E8yRy3o466bhzdEIDcII=
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: Certificate Authority
subject=/O=example.com/CN=clica CA
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA0WhcNMzgw
MTAxMTIzNDA0WjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL0wro64rve876glpdRh
tD6qFY6iH2kCarFFq3WaKmfCvOjYmn4CJr7pL7J5DuvCFh7A0H8lD/on5NK3yqkX
Yi6EUlaYWxeRo2/PuZYUGbCpejST41sibw9V2dT4MHLidjDShE0W9SfgiMmxfF02
H5hLYswAGCL1kezsVeEJeH31AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAIn9+8uyQtaq8sBEohTl
qyJQQeZk5xxaILYP/rCIxc+z5fgOh+usB9adaiD23RPuuD/P2c3UqHJQWqIUTu46
eOKn9K7X7ndIH3WnaC/u4nysL+SIAug72/k1BAVGNQvyNQMhth6CfZTgY0tgcS0Z
RSHyhbTD0HeiJDI281BoOJjm
-----END CERTIFICATE-----