> My goal is getting informations, which of the presented certs during
> the TLS handshake exim takes into account for verifing the DANE RR.
> Furthermore if exim compares hostname against CN or one of the
> additional SANs embedded in the cert.
You may want to try using an external tool (not Exim) to verify and
inspect the TLS certificate chain presented by the external mail server.
My favourite tool for this is 'certigo':
https://github.com/square/certigo
A typical usage for this would be:
certigo connect -v -t smtp --identity "your.host.name" remote.mail.server:smtp
Then you can see if certigo verifies the certificate chain and what key
usages the various TLS certificates involved specify (typically 'Server
Auth' and 'Client Auth' for the server's direct TLS certificate).
- cks
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
