Re: [exim] Problem with tls_certificate and multiple domains

Top Page
Delete this message
Reply to this message
Author: DavidF
Date:  
To: Exim-users
Subject: Re: [exim] Problem with tls_certificate and multiple domains
Ok, so if I do:

openssl s_client -tls1 -starttls smtp -connect hosteddomain.com:587 -servername mail.hosteddomain.com

My hosts cPanel install with Exim returns my hosteddomain.com certificate. From the exim.conf, I see:

tls_certificate = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {/etc/exim.crt} \
        }} \
    }} \
    {/etc/exim.crt} \
}



tls_privatekey = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
        {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
            {/etc/exim.key} \
        }} \
    }} \
    {/etc/exim.key} \
}


So it’s using $tls_in_sni. But if I change my paths so they point to valid files and:

openssl s_client -tls1 -starttls smtp -connect mytestserverdomain.com:587 -servername mytestserverdomain.com

It is trying to serve the /etc/exim.key because $tls_in_sni is empty/not expanded as main.log shows.

Why is $tls_in_sni empty in my setup?