Re: [exim] Certificate validation failed

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Andreas Metzler
Datum:  
To: exim-users
Betreff: Re: [exim] Certificate validation failed
On 2021-10-30 Viktor Dukhovni via Exim-users <exim-users@???> wrote:
[...]
> Is it really true that for lack of valid certificate there's a way to
> get Exim to fall back to cleartext instead???


Good morning,

If a host is in tls_verify_hosts and hosts_try_tls but not in
hosts_require_tls exim will fall back to cleartext. (That is for the
non-DANE case.)
[...]

@original submitter:
* Use a certiticate that verifyable without client-side changes., e.g. setup
DANE on the server and/or use e.g. a letsencrypt cert.
* Give client-side exim a way to verify the cert by adding the cert to
the trusted list.
* Modify the tls_verify_hosts setting.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'