[exim] Re: exim spitting out "bad certificate" log lines

Author: Evgeniy Berdnikov
Date:  
To: exim-users
Subject: [exim] Re: exim spitting out "bad certificate" log lines
On Thu, Jul 13, 2023 at 11:11:31AM -0400, Viktor Dukhovni via Exim-users wrote:
> Perhaps the OpenSSL library could change the message to be:
>
>     "TLS fatal alert from <peer|client|server>: bad certificate"


Does the TLS/SSL protocol provide enough information to conclude that the
alert should be interpreted as a "bad certificate" message from the other side?
Does it provide any granularity on this badness, such as time window,
signature, algorithms and so on?

As far as I understand from reading traffic captures, there are no text
fields in TLS/SSL alert messages. It looks like a severe design flaw
of this protocol, leading to problems in diagnostics on both sides.
--
Eugene Berdnikov
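
Added example (not part of the original message, and not Exim or OpenSSL code): a decoder for the alert record defined in RFC 5246 section 7.2 and RFC 8446 section 6. A plaintext alert is two bytes, a level and a description code, with no text field; expiry, revocation and unknown CA each have their own code. The function name and the sample records are constructed for illustration.

```python
import struct

# AlertLevel / AlertDescription values from RFC 5246 sec. 7.2 and RFC 8446 sec. 6.
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {
    0: "close_notify", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
    51: "decrypt_error", 116: "certificate_required",
}
# Codes that say something about the certificate itself.
CERT_RELATED = {42, 43, 44, 45, 46, 48, 116}

ALERT = 21  # TLS record ContentType for alerts


def decode_alert_record(record: bytes) -> dict:
    """Decode one TLS record carrying an alert, as seen in a capture."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    if ctype != ALERT:
        # TLS 1.3 encrypted alerts travel as application_data (23) and land here.
        raise ValueError(f"not an alert record (content type {ctype})")
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated TLS record body")
    if length != 2:
        # Once record protection is active the two bytes are encrypted;
        # a capture without session keys reveals only the record length.
        return {"encrypted": True, "length": length}
    level, desc = body
    return {
        "encrypted": False,
        "level": LEVELS.get(level, f"unknown({level})"),
        "description": DESCRIPTIONS.get(desc, f"unknown({desc})"),
        "certificate_related": desc in CERT_RELATED,
    }


# Constructed sample records (not taken from a real capture).
SAMPLES = {
    "bad_certificate": bytes.fromhex("1503030002022a"),
    "certificate_expired": bytes.fromhex("1503030002022d"),
    "encrypted": bytes.fromhex("150303001a") + bytes(26),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, decode_alert_record(raw))
```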
