Re: [exim] Certificate validation failed

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M-\Viktor Dukhovni at <-
M\M\Viktor Dukhovni at ->
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [exim] Certificate validation failed
On 2021-10-30 Viktor Dukhovni via Exim-users <exim-users@???> wrote:
[...]
> Is it really true that for lack of valid certificate there's a way to
> get Exim to fall back to cleartext instead???

Good morning,

If a host is in tls_verify_hosts and hosts_try_tls but not in
hosts_require_tls exim will fall back to cleartext. (That is for the
non-DANE case.)
[...]

@original submitter:
* Use a certiticate that verifyable without client-side changes., e.g. setup
DANE on the server and/or use e.g. a letsencrypt cert.
* Give client-side exim a way to verify the cert by adding the cert to
the trusted list.
* Modify the tls_verify_hosts setting.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Certificate validation failedRe: [exim] Certificate validation failed->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)