Re: [exim] DANE vs unknown CA

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] DANE vs unknown CA
On Mon, May 03, 2021 at 06:33:24PM +0200, Heiko Schlittermann wrote:

> For the upcoming 4.94.2 a patch is part of the 4.94.2+fixes branch
> already. It will be cherry-picked to master soon.


Got a pointer to the patch?

> Thank you again for your fast response yesterday.


You're welcome. Yes, there's a non-trivial number of domains where
production of the correct certificate depends on sending the TLSA base
domain as the SNI value. I am not a fan of per-host-domain MX
hostnames, and associated reliance on SNI, but for some mysterious
reason there are operators who prefer this model.

-- 
    Viktor.