Re: [exim] Certificate validation failed

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Viktor Dukhovni
Datum:  
To: exim-users
Betreff: Re: [exim] Certificate validation failed
On Sat, Oct 30, 2021 at 12:01:39AM +0100, Dominik Vogt via Exim-users wrote:

> The local Exim is set up to relay outgoing mail that is sent by
> user X to server B and all other outgoing mail to server A. Both
> servers require TLS for outgoing mail. But Exim does not use TLS
> for server B and generates this log message:
>
> ... TLS session: (certificate verification failed): certificate
> invalid: delivering unencrypted to H=<server-b> [<ip-address>]
> (not in hosts_require_tls)


Is it really true that for lack of valid certificate there's a way to
get Exim to fall back to cleartext instead???

Either certificate validation is required, and in which delivery must be
deferred when validation fails, or else validation is *not* required,
in which case Exim should proceed despite certificate verification
failure.

The reported behaviour should be impossible, or at least very difficult
to configure without ignoring warnings that it makes no sense.

-- 
    Viktor.