Re: [exim] A study of failing tls certs, with valid certifi…

Author: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] A study of failing tls certs, with valid certificate files
On 09/01/2023 11:30, Cyborg via Exim-users wrote:
> It may be a good idea to check for a new solution inside exim like auto reloading the used cert every 24h the server is running, if openssl3 is causing this "detection" bug.


It wouldn't be an OpenSSL change. Exim (since 4.95) on both Linux
and FreeBSD platforms[*] sets a watch on the relevant directories and files,
and (supposedly) reloads certs when they change. Best guess is that
this mechanism failed for some reason.

[*] For any platform not noted in the build config as supporting
either "inotify" or "kevent", TLS credentials are not cached
but re-read from file on every connection.
--
Cheers,
Jeremy
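
A check to run after a certificate renewal to see whether the cached credentials described above were actually reloaded, as an added example (not part of the original message and not Exim code): it compares the SHA-256 fingerprint of the first certificate in the on-disk file with the one the daemon presents after STARTTLS. The function names, port 25 and the command-line arguments are assumptions.

```python
import hashlib
import re
import smtplib
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def leaf_fingerprint_from_pem(pem_text):
    """SHA-256 of the first certificate in a PEM file (the leaf in a chain file)."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def served_fingerprint(host, port=25, timeout=10):
    """SHA-256 of the certificate the SMTP server presents after STARTTLS."""
    ctx = ssl.create_default_context()
    # Validation is off on purpose: an expired or stale certificate must
    # still be retrievable so it can be compared with the file on disk.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        der = smtp.sock.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def is_stale(disk_pem_text, served_fp):
    """True when the daemon presents a different cert than the file holds."""
    return leaf_fingerprint_from_pem(disk_pem_text) != served_fp


if __name__ == "__main__":
    import sys
    # Hypothetical usage: script.py <certificate file> <mail host>
    cert_path, host = sys.argv[1], sys.argv[2]
    with open(cert_path) as fh:
        stale = is_stale(fh.read(), served_fingerprint(host))
    print("STALE: server is not presenting the on-disk cert" if stale else "ok")
    sys.exit(1 if stale else 0)
```

Run from cron shortly after each renewal, a non-zero exit status signals that the daemon is still presenting the previous certificate.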