Bug#544472: server certificate verification fails when connecting as an SMTP client?
Andreas Metzler
ametzler at downhill.at.eu.org
Tue Sep 1 17:03:14 UTC 2009
On 2009-08-31 Ivan Shmakov <ivan at main.uusia.org> wrote:
> Package: exim4-daemon-heavy
> Version: 4.69-9
> Severity: important
> It seems that the certificate verification fails when Exim
> connects to the peer, while should the peer in question connect
> to Exim, it succeeds. Consider, e. g.:
> * accepting peer's connection (we're the server):
> 2009-08-31 20:03:54 1MiD6Y-0006C4-8S <= ivan at main... H=... (...) [62.109.12.37] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=yes DN="C=RU,ST=Altai Krai,O=Private,OU=SMTP peers,CN=waterlily.ip.uusia.org,EMAIL=ivan at main.uusia.org" S=800 id=E1MiD6M-00052j-9C at ...
> * making a connection to the same peer (we're the client):
> 2009-08-31 20:05:43 1MiD8A-0008Jf-2X => ivan at main... R=hubbed_hosts T=remote_smtp H=waterlily.ip.uusia.org [62.109.12.37] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=no DN="C=RU,ST=Altai Krai,O=Private,OU=SMTP peers,CN=waterlily.ip.uusia.org,EMAIL=ivan at main.uusia.org"
> Note the CV=yes vs. CV=no discrepancy.
[...]
Hello,
Afaict you have provided exim with a list of trusted certificates to
check incoming connections (main configuration option
tls_verify_certificates) against but you have not toggled the
corresponding option for outgoing connections (the
tls_verify_certificates private option of the smtp transport).
cu andreas
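An added example, not part of the original message: a small log check that finds peers whose certificate verified on inbound connections (CV=yes) but not on outbound deliveries (CV=no), which is the symptom reported above. It also names the transport that made the unverified delivery, so its tls_verify_certificates setting can be checked. The log lines, hosts and addresses are constructed samples in the same mainlog format as the lines quoted in the report.

```python
import re
from collections import defaultdict

# Constructed sample lines (made-up hosts/addresses), same format as the quoted mainlog.
SAMPLE_LOG = """\
2009-08-31 20:03:54 1AAAAA-000001-AA <= a@peer.example H=mx.peer.example (mx.peer.example) [192.0.2.10] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=yes DN="CN=mx.peer.example" S=800
2009-08-31 20:05:43 1AAAAB-000002-AB => a@peer.example R=hubbed_hosts T=remote_smtp H=mx.peer.example [192.0.2.10] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=no DN="CN=mx.peer.example"
2009-08-31 20:06:10 1AAAAC-000003-AC => b@other.example R=dnslookup T=remote_smtp H=mx.other.example [198.51.100.7] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=yes DN="CN=mx.other.example"
2009-08-31 20:07:00 1AAAAD-000004-AD => c@plain.example R=dnslookup T=remote_smtp H=mx.plain.example [203.0.113.5]
"""

# date, time, message id, direction flag, then the first bracketed peer address
LINE = re.compile(r"^\S+ \S+ \S+ (?P<flag><=|=>|->) .*?\[(?P<ip>[0-9a-fA-F.:]+)\]")
CV = re.compile(r"\bCV=(yes|no)\b")
TRANSPORT = re.compile(r"\bT=(\S+)")


def audit(log_text):
    """Map peer IP -> CV results seen inbound/outbound on TLS sessions."""
    peers = defaultdict(lambda: {"in": set(), "out": set(), "transports": set()})
    for line in log_text.splitlines():
        bare = re.sub(r'"[^"]*"', "", line)  # drop quoted DN so it cannot mimic a field
        m, cv = LINE.match(bare), CV.search(bare)
        if not m or not cv:
            continue  # not an arrival/delivery line, or no TLS fields logged
        peer = peers[m["ip"]]
        if m["flag"] == "<=":
            peer["in"].add(cv[1])
        else:
            peer["out"].add(cv[1])
            t = TRANSPORT.search(bare)
            if t and cv[1] == "no":
                peer["transports"].add(t[1])  # transport that delivered unverified
    return peers


def asymmetric_peers(log_text):
    """Peers verified when they connect to us but unverified when we connect to them."""
    return sorted((ip, sorted(p["transports"])) for ip, p in audit(log_text).items()
                  if "yes" in p["in"] and "no" in p["out"])


if __name__ == "__main__":
    for ip, transports in asymmetric_peers(SAMPLE_LOG):
        print(f"{ip}: CV=yes inbound, CV=no outbound via {', '.join(transports)}")
```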