Hello exim-users,
I am trying to set up an smtp transport that should verify whether the
remote host presented a valid SSL certificate for the MX record of $domain.
When I set "tls_verify_hosts = *" and some other options this seems to
work well. "CV=yes" is logged and $tls_out_certificate_verified is set
to 1.
However, if I replace "tls_verify_hosts = *" with "tls_try_verify_hosts
= *", "CV=no" is logged and $tls_out_certificate_verified is unset. It
seems that no certificate validation is performed. However, the
connection seems fine and $tls_out_peerdn looks good.
The test case was exactly the same.
I would prefer running tls_try_verify_hosts for some time and just have
some logging about the failed verification before switching to rejecting
connections (tls_verify_hosts). I assumed that tls_try_verify_hosts
should work exactly this way and consider this a bug.
Mario
--
Kind regards,
Mario Lipinski
IServ GmbH
Bültenweg 73
38106 Braunschweig
Phone: 0531-2243666-0
Fax: 0531-2243666-9
Email: info@???
Internet: iserv.eu
VAT ID: DE265149425 | Braunschweig District Court | HRB 201822
Managing Directors: Benjamin Heindl, Jörg Ludwig
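
The observation phase described in the message above (log verification failures first, enforce with tls_verify_hosts later) can be summarised per remote host from the CV= field of delivery log lines. This is an added example, not part of the original post or of Exim; the log lines are constructed, and the field layout (H=, X=, CV=, DN= on "=>" lines) is an assumption about the main log with the TLS log selectors enabled.

```python
import re
from collections import defaultdict

# Constructed sample lines shaped like Exim main-log entries
# (hosts, addresses and message ids are made up for this example).
SAMPLE_LOG = """\
2014-03-01 10:00:01 1WJabc-0001aa-01 => alice@example.org R=dnslookup T=remote_smtp H=mx1.example.org [192.0.2.10] X=TLSv1.2:AES256-SHA:256 CV=yes DN="/CN=mx1.example.org" C="250 OK"
2014-03-01 10:00:05 1WJabd-0001ab-02 => bob@example.net R=dnslookup T=remote_smtp H=mail.example.net [192.0.2.20] X=TLSv1:AES128-SHA:128 CV=no DN="/CN=localhost" C="250 queued"
2014-03-01 10:00:09 1WJabe-0001ac-03 => carol@example.net R=dnslookup T=remote_smtp H=mail.example.net [192.0.2.20] X=TLSv1:AES128-SHA:128 CV=no DN="/CN=localhost"
2014-03-01 10:00:12 1WJabf-0001ad-04 => dave@example.com R=dnslookup T=remote_smtp H=mx.example.com [192.0.2.30] C="250 OK"
2014-03-01 10:00:15 1WJabg-0001ae-05 <= eve@example.org H=client.example.org [192.0.2.40] X=TLSv1.2:AES256-SHA:256 CV=no S=1234
"""

# Outbound deliveries only: "=>" (first address) or "->" (additional address).
DELIVERY = re.compile(r'^\S+ \S+ \S+ [=-]> .*?\bH=(\S+) \[')


def audit(log_text):
    """Count outbound deliveries per remote host by TLS verification result."""
    report = defaultdict(
        lambda: {"verified": 0, "unverified": 0, "plaintext": 0, "dn": set()})
    for line in log_text.splitlines():
        m = DELIVERY.match(line)
        if not m:                      # arrivals (<=) and other lines are skipped
            continue
        entry = report[m.group(1)]
        if not re.search(r'\sX=\S+', line):
            entry["plaintext"] += 1    # no X= field: session was not encrypted
            continue
        cv = re.search(r'\sCV=(\S+)', line)
        key = "verified" if cv and cv.group(1) == "yes" else "unverified"
        entry[key] += 1
        dn = re.search(r'\sDN="([^"]*)"', line)
        if dn and key == "unverified":
            entry["dn"].add(dn.group(1))   # keep the DN the peer presented
    return dict(report)


def unverified_hosts(report):
    """Hosts with at least one encrypted delivery that was not verified."""
    return sorted(h for h, e in report.items() if e["unverified"])


if __name__ == "__main__":
    rep = audit(SAMPLE_LOG)
    for host in unverified_hosts(rep):
        print(host, rep[host]["unverified"], sorted(rep[host]["dn"]))
```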