[exim-dev] [Bug 2594] CNAME handling can break TLS certifica…

Página Inicial
Delete this message
Reply to this message
Autor: admin
Data:  
Para: exim-dev
Tópicos Antigos: [exim-dev] [Bug 2594] New: CNAME handing can break TLS certificate verification
Assunto: [exim-dev] [Bug 2594] CNAME handling can break TLS certificate verification
https://bugs.exim.org/show_bug.cgi?id=2594

Jeremy Harris <jgh146exb@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED


--- Comment #7 from Jeremy Harris <jgh146exb@???> ---
(In reply to Phil Pennock from comment #5)
> In the original bug-report here:
>
> """
> Cert hostname to check: "mail.edesix.local"
> Setting TLS SNI "mail.dev.edesix.com"
> """
>
> That is clearly an unfortunate combination. The first should use the same
> value as the second.


The SNI to be sent derives from a transport option. The writer of the config
has full latitude for foot-shooting. Of course, in the context of this bug we
realise that said writer has precious little help in obtaining a value which
would be in line with the discussions on exim-dev - that the value to be
compared
for certificate name-checking should be the result of any MX lookup, or the
start of any CNAME chain leading to the eventual A or AAAA.

I'll leave that issue for later.

--
You are receiving this mail because:
You are on the CC list for the bug.