[Pkg-exim4-users] tls_verify_certificates = system

Calum Mackay calum.mackay at cdmnet.org
Mon Sep 7 16:30:37 UTC 2015

thanks for the reply, Marc,

On 07/09/2015 11:06, Marc Haber wrote:
>> as per spec Ch.14.
> This pointed exim to a certificates file called "system". Is that
> what you wanted?
> I might have overlooked it, but spec.txt chapter 14 does not seem to
> indicate that "system" is a valid or special setting.

Ch.14 says, for tls_verify_certificates:

> The value of this option is expanded, and must then be either the
> word "system" or the absolute path to a file or directory containing
> permitted certificates for clients that match tls_verify_hosts or
> tls_try_verify_hosts.
> The "system" value for the option will use a system default location
> compiled into the SSL library. This is not available for GnuTLS
> versions preceding 3.0.20, and will be taken as empty; an explicit
> location must be specified.

This "system" value is new in 4.86, which is what I'm running (sid).

I read this as a tidy way to avoid hard-coding the Debian 
ca-certificates location into the config. It's not a big deal, obviously.

thanks much,


More information about the Pkg-exim4-users mailing list