Re: [exim] SSL wildcard certificate intermediate CA weirdnes…

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
To: Christian Balzer
CC: Exim-users
Subject: Re: [exim] SSL wildcard certificate intermediate CA weirdness
Christian Balzer <chibi@???> (Fr 20 Dez 2019 14:49:27 CET):
> > > The VIP is handled by smtp01 and 02, with being resident
> > > on smtp01 for most of the testing, but failing it over doesn't change the
> > > outcome.
> >
> > If connections to the indiviual servers work as expected but connectin
> > to them via the loadbalancer fail, I'd check the loadbalancer first, not
> > Exim.
> >
> > Does your loadbalancer intercept the SSL connection?
> >
> Please re-read the thread, there is no loadbalancer involved in this test
> setup, just a (not so much) floating Virtual IP managed by pacemaker.

Ok. From "individual IPs" and the rest of the context I assume a
loadbalancer setup. (Yes, I know, assumption are the mother of …)

I do not see why GnuTLS should behave dependend on the IP you're
connecting to. I'd retest this with openssl s_server, or, since there is
not device in between, with gnutls-serv of the same version as the
libraries, Exim uses.

And I remember some issues with the order of the certs in the cert file.