[exim] Exim TLS client hostnames verification

Page principale
Supprimer ce message
Répondre à ce message
Auteur: lzwmmg
Date:  
À: Exim Users
Sujet: [exim] Exim TLS client hostnames verification
Hello Exim Users.

I've been using Exim4 on my workstation for sometime .
I discover a problem in Exim4's handing of server certificates verification,
when the smtp smarthosts' hostnames are DNS aliases Exim4 always can't
pass verification and
log with something like "certificate/cert name mismatch".
It seems Exim never check the *alias* hostname with the certificate
Subject & SubjectAltName field,
it always check the *canonical* hostname.

For example for gmail: smtp.gmail.com -> gmail-smtp-msa.l.google.com:
smtp.gmail.com is in Subject & SubjectAltName field
Exim check only gmail-smtp-msa.l.google.com and
gmail-smtp-msa.l.google.com not in Subject & SubjectAltName field,
so it log with "certificate/cert name mismatch".
Exim should compare the *alias* hostname smtp.gmail.com

How to make Exim check the *alias* hostname?

--
kevin