Author: Heiko Schlittermann Date: To: Christian Balzer CC: Exim-users Subject: Re: [exim] SSL wildcard certificate intermediate CA weirdness
Christian Balzer <chibi@???> (Fr 20 Dez 2019 14:49:27 CET): > > > The testmail.do.main VIP is handled by smtp01 and 02, with being resident
> > > on smtp01 for most of the testing, but failing it over doesn't change the
> > > outcome.
> >
> > If connections to the indiviual servers work as expected but connectin
> > to them via the loadbalancer fail, I'd check the loadbalancer first, not
> > Exim.
> >
> > Does your loadbalancer intercept the SSL connection?
> >
> Please re-read the thread, there is no loadbalancer involved in this test
> setup, just a (not so much) floating Virtual IP managed by pacemaker.
Ok. From "individual IPs" and the rest of the context I assume a
loadbalancer setup. (Yes, I know, assumption are the mother of …)
I do not see why GnuTLS should behave dependend on the IP you're
connecting to. I'd retest this with openssl s_server, or, since there is
not device in between, with gnutls-serv of the same version as the
libraries, Exim uses.
And I remember some issues with the order of the certs in the cert file.
