Bug#314296: Re: Bug#314296: exim4 NOT verifying server certificate

Wenzhuo Zhang <wenzhuo@zhmail.com>, 314296@bugs.debian.org
Sun, 19 Jun 2005 07:05:06 +0800


On Sat, Jun 18, 2005 at 10:59:37AM +0200, Marc Haber wrote:
> As Andreas spotted correctly, conf.d/main/03_exim4-config_tlsoptions
> only controls verification of the client certificates. For server
> certificate checking, you need to add the configuration option to the
> SMTP transport.
> 
> I am reluctant to add infrastructure for this to the default
> configuration, since this is quite rarely used, and could break mail
> delivery.

My personal experiences tell me that SMTP AUTH over TLS is a very common
setup.

> I have, however, clarified the documentation in
> conf.d/main/03_exim4-config_tlsoptions to clearly say that this option
> here only concerns client certificates and added a hint where to
> configure server certificate verification.

How about adding a macro, say MAIN_TLS_VERIFY_SMARTHOST, to
conf.d/transport/30_exim4-config_remote_smtp_smarthost?

> The SMTP account you have created is therefore not needed any more and
> can be removed.

I'll leave it there for the moment. Forgot to tell you last time that
the CA certificate is available at http://mail.linux-vs.org/cacert.crt.

> If there is anything more we can do for you, please feel free to
> re-open the bug that Andreas closed.

Thanks,
Wenzhuo
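
The macro proposed in the message could be wired into the smarthost transport roughly as follows. This is an added example, not part of the original message or of the Debian exim4 package; MAIN_TLS_VERIFY_SMARTHOST is the name suggested in the message, and the macro file location and the CA file path are assumptions.

```conf
# Added sketch, not the packaged Debian configuration.

# --- Macro definition, e.g. in a local macros file under conf.d/main/
# (location is an assumption). The CA file path is a constructed value:
# it would hold the smarthost's CA certificate, saved locally.
MAIN_TLS_VERIFY_SMARTHOST = /etc/exim4/smarthost-cacert.crt

# --- conf.d/transport/30_exim4-config_remote_smtp_smarthost (fragment)
remote_smtp_smarthost:
  driver = smtp
  # Refuse to deliver (and so to send AUTH credentials) unless the
  # session to the smarthost is encrypted.
  hosts_require_tls = *
.ifdef MAIN_TLS_VERIFY_SMARTHOST
  # Client side: verify the certificate the smarthost presents against
  # this CA file. The options in conf.d/main/03_exim4-config_tlsoptions
  # only cover the case where Exim is the server checking client
  # certificates.
  tls_verify_certificates = MAIN_TLS_VERIFY_SMARTHOST
.endif
```

With the macro left undefined the transport is unchanged, so existing deliveries are not affected. On Exim versions whose smtp transport has the tls_verify_hosts option, that option decides whether a failed verification stops delivery.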