https://bugs.exim.org/show_bug.cgi?id=2198
Bug ID: 2198
Summary: DANE TLSA cert usage type 2 fails depending on the
OpenSSL library
Product: Exim
Version: 4.89
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@???
Reporter: hs@???
CC: exim-dev@???
Depending on the OpenSSL lib Exim is linked with, the DANE verification fails
if the TLSA record has "cert usage" 2 (as used by excalibur.iks-jena.de).
The following observation is valid for Debian systems; I'm not sure if other
distros behave the same:
1.0.1t fails (Debian 7)
1.1.0f is ok (Debian 9)
I am not sure if this is a bug in a specific version of OpenSSL.
Currently the message is deferred and retried again and again, depending on the
retry rules, as expected.
The current log entry is not very meaningful. There we should put a warning
about the issue. And we should decide what to do in the face of verification
errors (retry, defer, bounce, or freeze).