Hi Andreas,
I have this as my config.
tls_certificate = /etc/exim4/mail.fsck.tv-cert.pem
tls_privatekey = /etc/exim4/mail.fsck.tv-key.pem
log_selector = +tls_peerdn
tls_dhparam = /etc/exim4/dh.key
tls_advertise_hosts = *
#auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
auth_advertise_hosts = *
tls_try_verify_hosts = *
tls_verify_certificates = /etc/exim4/cacerts/cacert.pem _<- (yes this is
a file and not a directory)_
The point I was trying to make is that exim doesn't send a certificate
when asked
even if you have the following:
remote_smtp:
driver = smtp
tls_certificate = /etc/exim4/mail.fsck.tv-cert.pem
tls_privatekey = /etc/exim4/mail.fsck.tv-key.pem
recompile both servers against openssl and it magicly works, but only if
both are build against openssl.
Regards
Jon
On 01/08/10 17:35, Andreas Metzler wrote:
On 2010-08-01 Jon Westgate<o...@fsck.tv> wrote:
Package: exim4
Version: 4.72-1
Severity: important
Tags: upstream
I have been asked to setup an exim4 server for use with CJSM.
https://www.cjsm.net This requires that a server (acting as a smart
host in this case) encrypt and sign all emails headed for CJSM.
This is something that according to exim.org, exim should ba
capeable of doing. After struggling with this for a number of days
I came accross a blog entry on the web saying that exim compiled
against openssl seemed to work where as exim compiled against gnutls
didn't. I recompiled and hey presto everything works. I'm not
campaining for openssl to be the default in exim, just mearly
registering the fact that both tls_try_verify_hosts and
tls_verify_hosts directives fail with this package. Indeed exim as
a client does not send a certificate when asked for one.
[...]
Hello,
the information you provided is sparse. I was to ask for a guess I would think
that stumpled upon
| 39.2 OpenSSL vs GnuTLS
|
| The tls_verify_certificates option must contain the name of a file,
| not the name of a directory (for OpenSSL it can be either).
cu andreas
