Re: [exim-dev] [Bug 2311] New: DANE verify fails with a TA-m…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMadmin at <-
MJeremy Harris at ->
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 2311] New: DANE verify fails with a TA-mode TLSA and a selfsigned sever cert


> On Sep 9, 2018, at 10:50 AM, admin--- via Exim-dev <exim-dev@???> wrote:
> 
>           Summary: DANE verify fails with a TA-mode TLSA and a selfsigned
>                    sever cert
>           Product: Exim
>           Version: 4.91
>          Hardware: x86
>                OS: Windows
>            Status: NEW
>          Severity: bug
>          Priority: medium
>         Component: Delivery in general
>          Assignee: nigel@???
>          Reporter: jgh146exb@???
>                CC: exim-dev@???

>
> This appears to be a GnuTLS library bug at present, but recording here for
> tracking purposes.

This does not appear to be the right description. DANE-TA(2) is NOT
expected to work with self-signed server certs, and the report for
lists.gentoo.org is not for a self-signed cert.

The reports seem to be for ordinary 2 or 3 level chains in which
DANE-TA(2) matches at depth 1 or higher (depth 0 is the EE cert). 

-- 
    Viktor.



This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2312] Email From: <> refused deliveryRe: [exim-dev] [Bug 2311] New: DANE verify fails with a TA-mode TLSA and a selfsigned sever cert->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)