Hello,
I have problems connecting DANE configured hosts, when the MX has a correct TLSA-RR but an
valid certificate (letsencrypt) with the wrong CN.
I cases with self-signed certs and correct TLSA-RR there are no problems. With the correct CN in an
valid certificate and correct TLSA-RR everythings is also ok.
In the documentation I read:
>If DANE is requested and useable (see above) the following transport options are ignored:
> hosts_require_tls = *
> tls_verify_hosts
> tls_try_verify_hosts
> ls_verify_certificates
> ls_crl
> ls_verify_cert_hostnames
> ls_sni
and that translates to me, that DANE should have precedence, when the TLSA-RR and all other settings
match!
But that seems not the case.
What I am missing?
Thanks for any hints
Wolfgang
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
