[exim-dev] [Bug 2198] New: DANE TLSA cert usage type 2 fails…

Top Pagina
Delete this message
Reply to this message
Auteur: admin
Datum:  
Aan: exim-dev
Onderwerp: [exim-dev] [Bug 2198] New: DANE TLSA cert usage type 2 fails depending on the OpenSSL library
https://bugs.exim.org/show_bug.cgi?id=2198

            Bug ID: 2198
           Summary: DANE TLSA cert usage type 2 fails depending on the
                    OpenSSL library
           Product: Exim
           Version: 4.89
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
          Assignee: jgh146exb@???
          Reporter: hs@???
                CC: exim-dev@???


Depending on the OpenSSL lib Exim is linked with, the DANE verification fails
if the TLSA record has "cert usage" 2 (as used by excalibur.iks-jena.de)

The following observation is valid for Debian systems, I'm not sure if other
Distros behave the same:

1.0.1t fails (Debian 7)
1.1.0f is ok (Debian 9)

I am not sure if this is a bug in a specific version of OpenSSL.

Currently the message is deferred and retried again and again, depending on the
retry rules, as expected.

The current log entry is not very meaningful. There we should put a warning
about the issue. And we should decide what do do in face of verification errors
(retry, defer, bounce, or freeze)

--
You are receiving this mail because:
You are on the CC list for the bug.