Ok, so if I do:

```
openssl s_client -tls1 -starttls smtp -connect hosteddomain.com:587 -servername mail.hosteddomain.com
```
My host's cPanel install with Exim returns my hosteddomain.com certificate. From the exim.conf, I see:

```
tls_certificate = ${if and \
    { \
      {gt{$tls_in_sni}{}} \
      {!match{$tls_in_sni}{/}} \
    } \
    {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
      {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
      {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
        {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
        {/etc/exim.crt} \
      }} \
    }} \
    {/etc/exim.crt} \
  }
tls_privatekey = ${if and \
    { \
      {gt{$tls_in_sni}{}} \
      {!match{$tls_in_sni}{/}} \
    } \
    {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
      {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
      {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
        {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
        {/etc/exim.key} \
      }} \
    }} \
    {/etc/exim.key} \
  }
```
So it's using $tls_in_sni. But if I change my paths so they point to valid files and:

```
openssl s_client -tls1 -starttls smtp -connect mytestserverdomain.com:587 -servername mytestserverdomain.com
```

It is trying to serve /etc/exim.key because $tls_in_sni is empty/not expanded, as main.log shows.
Why is $tls_in_sni empty in my setup?
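The expansion quoted above is easier to reason about once the branching is laid out explicitly. The following Python model is an added example, not code from the question or from cPanel; it re-implements the `tls_certificate` / `tls_privatekey` selection logic (the non-empty check, the rejection of `/` in the SNI, the exact-directory lookup, the `sg{}` wildcard rewrite, and the fallback) against a constructed set of files, so you can see which path each `$tls_in_sni` value resolves to without touching the real `/var/cpanel` tree. The `exists` parameter, `resolve_pair` and `SAMPLE_FILES` are assumptions of this example. Exim only fills `$tls_in_sni` from the ClientHello of a live connection, so `exim -be` cannot reproduce the symptom; the model shows the consequence of an empty SNI directly:

```python
import os
import re
from typing import Callable

# Paths taken from the exim.conf quoted in the question.
DOMAIN_TLS_DIR = "/var/cpanel/ssl/domain_tls"
FALLBACK_CERT = "/etc/exim.crt"
FALLBACK_KEY = "/etc/exim.key"

# Same pattern as the sg{} expansion: swap the first label of the SNI
# directory for '*' so a wildcard certificate directory can be tried.
WILDCARD_RE = re.compile(r"(.+/)[^.]+(.+/combined)")


def select_tls_file(sni: str, fallback: str,
                    exists: Callable[[str], bool] = os.path.exists) -> str:
    """Return the file Exim would use for tls_certificate (fallback=/etc/exim.crt)
    or tls_privatekey (fallback=/etc/exim.key) for the given $tls_in_sni value.

    `exists` is injectable (an assumption of this example) so the logic can be
    exercised offline; by default it consults the filesystem like ${if exists}.
    """
    # {gt{$tls_in_sni}{}}: SNI must be non-empty. An empty SNI (no -servername,
    # or a client that never sent the extension) goes straight to the fallback,
    # which is exactly the /etc/exim.key symptom in the question.
    # {!match{$tls_in_sni}{/}}: a '/' in the SNI is rejected so the client-
    # supplied name cannot steer the lookup outside DOMAIN_TLS_DIR.
    if not sni or "/" in sni:
        return fallback
    exact = f"{DOMAIN_TLS_DIR}/{sni}/combined"
    if exists(exact):
        return exact
    # ${sg{...}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}: e.g. mail.example.com
    # becomes *.example.com; the exim.conf checks this path with ${if exists}.
    wildcard = WILDCARD_RE.sub(r"\1*\2", exact)
    if exists(wildcard):
        return wildcard
    return fallback


def resolve_pair(sni: str, present: set) -> tuple:
    """Certificate and key path for one SNI value, given a constructed file set."""
    cert = select_tls_file(sni, FALLBACK_CERT, present.__contains__)
    key = select_tls_file(sni, FALLBACK_KEY, present.__contains__)
    return cert, key


# Constructed file set standing in for the cPanel domain_tls directory tree.
SAMPLE_FILES = {
    f"{DOMAIN_TLS_DIR}/hosteddomain.com/combined",
    f"{DOMAIN_TLS_DIR}/*.example.com/combined",
}

if __name__ == "__main__":
    for name in ["hosteddomain.com", "mail.example.com", "", "other.net", "../etc"]:
        print(repr(name), "->", resolve_pair(name, SAMPLE_FILES))
```

Running it prints one line per SNI value: the exact directory wins when it exists, `mail.example.com` falls through to the `*.example.com` wildcard directory, and an empty name, an unknown name, or a name containing `/` all land on `/etc/exim.crt` and `/etc/exim.key`. If main.log shows the fallback being served for a name whose directory does exist, the first branch is the one to suspect.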