Autor: Ian Zimmerman Data: Para: exim-users Asunto: Re: [exim] Delay on exim send increases with uptime
On 2020-02-03 00:54, Viktor Dukhovni wrote:
> > > And is the OpenSSL library that "/usr/bin/openssl" is linked with, the
> > > same one as the one for Exim?
> >
> > I am quite sure it is, because I build exim myself. I cannot be 100%
> > sure for debian packaged exim, but such a blunder would be completely
> > out of character.
>
> The idea is not to be "sure", but to actually check with "ldd".
>
> > > Is the /etc/ssl/certs/ directory "hashed" (lots of funny
> > > <hexdigits>.<smalldecimal> symlinks)?
> >
> > Yes.
>
> Well, in that case perhaps Exim is not loading the default CA locations,
> or there's some sort of file access control (SELinux? AppArmor? ...)
> that's preventing Exim from reading the directory.
>
> You'll have "strace" Exim and see what it is doing when it fails
> to verify the peer chain.
>
> Did you share the destination domain name at any point? Perhaps
> its certificate chain really does have some sort of issue.