Bug#677826: TLS certificate not used for smarthost transport by default

[Ben Hutchings]

On Sun, 2012-06-17 at 09:05 +0200, Andreas Metzler wrote:
> On 2012-06-17 Ben Hutchings <ben at decadent.org.uk> wrote:
> > Package: exim4-config
> > Version: 4.80-3
> > Severity: normal
> > Tags: patch
> 
> > The configured (or default) TLS certificate and private key are not
> > used for a smarthost transport.
> 
> > The following patch fixes this for me, but I don't know that it is
> > generally correct.  By the point this fragment is read all the
> > MAIN_TLS_* macros seem to become undefined.  The patch defines some of
> > them again, but I think it can only work for the default certificate
> > and private key locations.  I don't know whether the disappearing
> > macros are a bug in exim4 itself or a subtlety of scoping in the
> > configuration file.  Either way, it's very confusing.
> [...]
> 
> Hello Ben,
> 
> I think there might be a misunderstanding. Exim has separate settings for
> configuring TLS as listening daemon and for outgoing connections.
> Almost every[1] single *tls* _main_ configuration option (incoming
> connections) has a corresponding setting for the smtp transport
> (outgoing connections).

Well I gathered that, but...

> The Debian configuration does the same, MAIN_TLS_* sets the changes
> the respective main TLS setting with no effect on the transport
> option.

OK, so how about adding new macros for this purpose?

Ben.

> cu andreas
> 
> [1] Except for gnutls_compat_mode which is deprecated anyway and
> tls_advertise_hosts.

-- 
Ben Hutchings
Time is nature's way of making sure that everything doesn't happen at once.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-maintainers/attachments/20120617/c8445ed1/attachment.pgp>