Re: [exim] A study of failing tls certs, with valid certifi…

Góra strony
Delete this message
Reply to this message
Autor: Graeme Fowler
Data:  
Dla: exim-users
Temat: Re: [exim] A study of failing tls certs, with valid certificate files
On 9 Jan 2023, at 12:05, Jeremy Harris via Exim-users <exim-users@???> wrote:
> It wouldn't be an OpenSSL change. Exim (since 4.95) on both Linux
> and FreeBSD platforms[*] sets a watch on the relevant directories and files,
> and (supposedly) reloads certs when they change. Best guess is that
> this mechanism failed for some reasons.


Could it be that the path - a symlink to a symlink to a file - wasn't fully dereferenced, so from Exim's perspective the file hadn't changed? ISTR that inotofy used to (many years ago), but that was changed somwhere in the kernel 2.x days.

[searches...]

Perhaps. Although I did find a bug (2909) and the commit to fix it (a1ec98d). If I'm reading the Fedora changelog properly, that commit is not in the RPM the OP is running because it post-dates the 4.96 release. Although it's unclear if it'll fix the issue cleanly, because there are two symlinks before the actual file!

Graeme