Hello,

Heiko Schlittermann <h...@schlittermann.de> (Fr 19 Jun 2009 13:59:20 CEST):
> Hello,
>
> after resolving the issues with certs not verified by GNUTLS (because of
> the wrong signature algorithm) we experience some other problem:
>
> Whenever requesting a client certificate (tls_try_verify_hosts), the
> client (Outlook Express) does not successfully connect. Without
> requesting a certificate, TLS/SSL works.

I now recompiled exim using OpenSSL: I think GNUTLS is not to blame, since with
OpenSSL the communication breaks too, as soon as I enable tls_try_verify_hosts!

    14434 listening on all interfaces (IPv4) port 25
    14434 listening on all interfaces (IPv4) port 465
    14434 listening on all interfaces (IPv4) port 587
    14434 pid written to /var/run/exim4/exim.pid
    14434 LOG: MAIN
    14434 exim 4.69 daemon started: pid=14434, no queue runs, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)
    14434 daemon running with uid=103 gid=105 euid=103 egid=105
    14434 Listening...
    14434 Connection request from 84.179.100.11 port 56331
    14450 Process 14450 is handling incoming connection from [84.179.100.11]
    14434 1 SMTP accept process running
    14434 Listening...
    14450 Process 14450 is ready for new message
    14450 tls_certificate file /etc/ssl/certs/ssl.schlittermann.de.crt
    14450 tls_privatekey file /etc/ssl/private/ssl.schlittermann.de.key
    14450 Initialized TLS
    14450 Calling SSL_accept
    14450 SSL info: before/accept initialization
    14450 SSL info: before/accept initialization
    14450 SSL info: SSLv3 read client hello A
    14450 SSL info: SSLv3 write server hello A
    14450 SSL info: SSLv3 write certificate A
    14450 SSL info: SSLv3 write certificate request A
    14450 SSL info: SSLv3 flush data
    14450 SSL info: SSLv3 read client certificate A
    14450 LOG: MAIN
    14450 TLS error on connection from p54b3640b.dip.t-dialin.net (hopperxp) [84.179.100.11] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
    14450 TLS failed to start
    14450 LOG: smtp_connection MAIN
    14450 SMTP connection from p54b3640b.dip.t-dialin.net (hopperxp) [84.179.100.11] I=[84.19.194.3]:587 closed by EOF
    14434 child 14450 ended: status=0x0
    14434 0 SMTP accept processes now running

* Now the client seems to start a new session, probably w/o TLS, but this fails
* on some sync issue:

    14434 Listening...
    14434 Connection request from 84.179.100.11 port 56332
    14434 1 SMTP accept process running
    14434 Listening...
    14451 Process 14451 is handling incoming connection from [84.179.100.11]
    14451 LOG: MAIN REJECT
    14451 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=p54b3640b.dip.t-dialin.net [84.179.100.11] I=[84.19.194.3]:587 input="EHLO hopperxp\r\n"
    14434 child 14451 ended: status=0x0
    14434 0 SMTP accept processes now running