Bug#482012: exim4: TLS incoming connections problems
Diego Guella
diego.guella at sircomtech.com
Mon May 26 07:43:04 UTC 2008
From: "Marc Haber"
> On Wed, May 21, 2008 at 03:25:22PM +0200, Diego Guella wrote:
>> The package who messed up my TLS setup with OE was:
>> ca-certificates
>> which was automatically installed when I installed:
>> fetchmail
>>
>> What I did to resolve the problem:
>> 1. remove ca-certificates with aptitude
>> 2. rm /etc/ssl/certs/ca-certificates.crt
>>
>> This is a brutal solution, but I don't need ca-certificates for now.
>
> You can also set MAIN_TLS_TRY_VERIFY_HOSTS to the empty value to
> disable client certificate requests. This should help here as well.
>
> Greetings
> Marc
It works. Thank you very much.
Can this be mentioned in exim4.conf.template, so other people can save time
if they have the same issue?
--- a/exim4.conf.template 2008-05-26 09:40:05.000000000 +0200
+++ b/exim4.conf.template 2008-05-26 09:45:17.000000000 +0200
@@ -391,7 +391,8 @@
# condition can be tested for in ACLs through `verify = certificate')
# By default, this check is done for all hosts. It is known that some
# clients (including incredimail's version downloadable in February
-# 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an
+# 2008 and Outlook Express' version included in Windows XP SP2) choke
+# on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an
# empty value.
.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
(Please note that I'm not a lawyer and I don't know if I should put some (r) (tm) near
Outlook, Express, Windows, XP, or SP2, or even if I have no rights to mention it!)
Thank you,
Diego
More information about the Pkg-exim4-maintainers
mailing list