Bug#482012: exim4: TLS incoming connections problems

[Diego Guella]

From: "Marc Haber"
> On Wed, May 21, 2008 at 03:25:22PM +0200, Diego Guella wrote:
>> The package who messed up my TLS setup with OE was:
>> ca-certificates
>> which was automatically installed when I installed:
>> fetchmail
>> 
>> What I did to resolve the problem:
>> 1. remove ca-certificates with aptitude
>> 2. rm /etc/ssl/certs/ca-certificates.crt
>> 
>> This is a brutal solution, but I don't need ca-certificates for now.
> 
> You can also set MAIN_TLS_TRY_VERIFY_HOSTS to the empty value to
> disable client certificate requests. This should help here as well.
> 
> Greetings
> Marc

It works. Thank you very much.

Can this be mentioned in exim4.conf.template, so other people can save time
if they have the same issue?

--- a/exim4.conf.template 2008-05-26 09:40:05.000000000 +0200
+++ b/exim4.conf.template 2008-05-26 09:45:17.000000000 +0200
@@ -391,7 +391,8 @@
 # condition can be tested for in ACLs through `verify = certificate')
 # By default, this check is done for all hosts. It is known that some
 # clients (including incredimail's version downloadable in February
-# 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an
+# 2008 and Outlook Express' version included in Windows XP SP2) choke
+# on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an
 # empty value.
 .ifndef MAIN_TLS_TRY_VERIFY_HOSTS
 MAIN_TLS_TRY_VERIFY_HOSTS = *


(Please note that I'm not a lawyer and I don't know if I should put some (r) (tm) near
Outlook, Express, Windows, XP, or SP2, or even if I have no rights to mention it!)

Thank you,
Diego