Author: Andreas Metzler Date: To: exim-users Subject: Re: [exim] 4.95 RC0 - gnutls outgoing TLS cert verification broken
On 2021-07-22 Jeremy Harris via Exim-users <exim-users@???> wrote: > On 19/07/2021 07:29, Andreas Metzler via Exim-users wrote: [...] >> SUPPORT_SYSDEFAULT_CABUNDLE is #defined in src/tls-gnu.c
>> #if GNUTLS_VERSION_NUMBER >= 0x030014
>> # define SUPPORT_SYSDEFAULT_CABUNDLE
>> #endif
>> but checked for in (in vain) in src/transports/smtp.c and src/globals.c. > Thanks for tracing this.
> Proposed fix attached. [...]
Good morning,
thank you, looks good and works for me with GnuTLS 3.7.1. I did not test
the fallback though. (Even Debian LTS - Stretch/Debian 9 has GnuTLS
3.5.x).
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'