[exim] Re: exim spitting out "bad certificate" log lines

Pàgina inicial
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
A: exim-users
Assumpte: [exim] Re: exim spitting out "bad certificate" log lines
On 13/07/2023 20:30, Evgeniy Berdnikov via Exim-users wrote:
> Does TLS/SSL protocol provide enough information to conclude that alert
> should be interpreted as "bad certificate" message from other side?


The alert message on the wire has an identifiable sender, yes.
But we have to assume that OpenSSL reporting that error only does
it for ones it *receives*.

[Yes, there are hooks to look at more detail of the processing
that OpenSSL does. I'm not convinced it's worthwhile for this,
having had to do far too much of that already].

> Does it provide any granularity on this badness, such as time window,
> signature, algorithms and so on?


No.

--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/