Hi,
for my installation I can assure that exim is linked to gnutls
(libgnutls-dane0 + libgnutls30, currently installed with version 3.5.8).
After installing gnutls-bin (and for the undocumented dependencies
dns-root-data) and disabling of the root certificate, dane verifies
without problems with danetool:
Resolving 'lists.gentoo.org:smtp'...
Obtaining certificate from '208.92.234.80:25'...
Querying DNS for lists.gentoo.org (tcp:25)...
==== Entry 1 ====
_25._tcp.lists.gentoo.org. IN TLSA ( 02 01 01 563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b )
Certificate usage: Local CA (02)
Certificate type: SubjectPublicKeyInfo (01)
Contents: SHA2-256 hash (01)
Data: 563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
Verification: Certificate matches.
==== Entry 2 ====
_25._tcp.lists.gentoo.org. IN TLSA ( 02 01 01 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18 )
Certificate usage: Local CA (02)
Certificate type: SubjectPublicKeyInfo (01)
Contents: SHA2-256 hash (01)
Data: 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
