https://bugs.exim.org/show_bug.cgi?id=2350
Bug ID: 2350
Summary: OCSP Problem for outgoing mails
Product: Exim
Version: 4.91
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@???
Reporter: torsten@???
CC: exim-dev@???
Hi,
when I use OCSP-Must-Staple certificates with
the OID setting:
1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05
for the CSR to get a certificate, I must later use the
tls_certificate
tls_privatekey
and
tls_ocsp_file
settings.
If I have not got a valid tls_ocsp_file, then the stapling fails and an
increasing number of mail clients can't connect to the SMTP port, because of
failing TLS verification.
So there is no problem for the incoming way (if you take care of having a valid
staple-file), but what happens when I connect to another SMTP Server and I am
requested to show my certificate?
In the remote_smtp transport section, I am not able to enable stapling.
I get
option "tls_ocsp_file" unknown
So, I show an OCSP-Must-Staple Certificate, but the OCSP stapled part is
missing. In a way I show an invalid cert.
Actually it didn't show any problem, but that could change fast, during the
increasing deployment of safer TLS implementations.
Torsten