Bug#865408: exim4-config: "tls_certificate" option set for the second time

Marc Haber mh+debian-packages at zugschlus.de
Wed Jun 21 08:05:42 UTC 2017 

On Wed, Jun 21, 2017 at 09:26:07AM +0200, Francesco Malvezzi wrote:
> the following exim4.conf.localmacros
> 
> MAIN_TLS_ENABLE = true
> REMOTE_SMTP_SMARTHOST_PRIVATEKEY = /etc/exim4/exim.key
> REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE = /etc/exim4/exim.crt
> MAIN_TLS_VERIFY_CERTIFICATES = /etc/ssl/certs/DigiCertCA.crt
> MAIN_TLS_VERIFY_HOSTS = *
> 
> leads to a broken /var/lib/exim4/config.autogenerated.tmp

What would be the "brokenness"? What is the exact error message?

> whose most suspicious lines are:
> 
> .ifdef MAIN_TLS_CERTKEY
> tls_certificate = MAIN_TLS_CERTKEY
> .else
> .ifndef MAIN_TLS_CERTIFICATE
> MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
> .endif
> tls_certificate = MAIN_TLS_CERTIFICATE
> 
> how is it possible the same 'tls_certificate' can be assigned to a key or a public certificate?

spec.txt says:
--------------
+---------------+---------+-------------+--------------+
|tls_certificate|Use: main|Type: string*|Default: unset|
+---------------+---------+-------------+--------------+

The value of this option is expanded, and must then be the absolute path
to a file which contains the server's certificates. The server's private
key is also assumed to be in this file if tls_privatekey is unset. See
chapter 41 for further details.
--------------

CERTKEY is an indication that the file might contain both certificate
and private key.

> Unfortunately this blocks exim4 installation.

Which is yet to be shown.

> -- Configuration Files:
> /etc/exim4/conf.d/acl/00_exim4-config_header [Errno 2] File o directory non esistente: u'/etc/exim4/conf.d/acl/00_exim4-config_header'
> /etc/exim4/conf.d/acl/20_exim4-config_local_deny_exceptions [Errno 2] File o directory non esistente: u'/etc/exim4/conf.d/acl/20_exim4-config_local_deny_exceptions'

Please do not delete those directories, the scripts are not tested for
this case. And it also clutters up bug reports.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

More information about the Pkg-exim4-maintainers mailing list