[exim-dev] [Bug 2198] New: DANE TLSA cert usage type 2 fails…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2198] New: DANE TLSA cert usage type 2 fails depending on the OpenSSL library
https://bugs.exim.org/show_bug.cgi?id=2198

            Bug ID: 2198
           Summary: DANE TLSA cert usage type 2 fails depending on the
                    OpenSSL library
           Product: Exim
           Version: 4.89
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
          Assignee: jgh146exb@???
          Reporter: hs@???
                CC: exim-dev@???


Depending on the OpenSSL lib Exim is linked with, the DANE verification fails
if the TLSA record has "cert usage" 2 (as used by excalibur.iks-jena.de).

The following observation is valid for Debian systems; I'm not sure if other
distros behave the same:

1.0.1t fails (Debian 7)
1.1.0f is ok (Debian 9)

I am not sure if this is a bug in a specific version of OpenSSL.

Currently the message is deferred and retried again and again, depending on the
retry rules, as expected.

The current log entry is not very meaningful. There we should put a warning
about the issue. And we should decide what to do in the face of verification errors
(retry, defer, bounce, or freeze).
