http://bugs.exim.org/show_bug.cgi?id=824

           Summary: clarifications on tls_verify_certificates and opera
           Product: Exim
           Version: 4.69
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Keywords: work:tiny
          Severity: bug
          Priority: medium
         Component: TLS
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]

So I have an auto signed CA.
I have my server.crt and server.key files, signed by the CA.
I use the same for apache2, courier-imap-ssl, mysql and exim4.

I have a client.p12 file, signed by the CA, installed on the client side in Opera.

Access to https works well, and it works with Firefox, Konqueror, and Safari, and even IE, on Gentoo, Ubuntu, and even with XP...
Access to imap and mysql rocks.

But what a pain it is to configure exim to do the same...

Here is some of the exim config:

    tls_advertise_hosts = *
    tls_certificate = CONFDIR/exim.crt
    tls_privatekey = CONFDIR/exim.key
    tls_verify_certificates = /etc/ssl/certs
    #tls_verify_certificates = CONFDIR/ca-bundle.crt
    #tls_verify_certificates = CONFDIR/mellitech.pem
    #tls_try_verify_hosts = *
    tls_verify_hosts = *

If I'm right, all SMTP clients are advised to use STARTTLS, and all clients have to show a certificate that is going to be verified by tls_verify_certificates.

That's where the confusion shows up...
A lot of forums/docs claim tls_verify_certificates has to be a CA, and only a few talk about concatenated certificates or even the /etc/ssl/certs dir with the r_rehash trick...

None of them works for me:

1/ a single file with the certificate inside (begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----) gives

    TLS error on connection from blablabla: certificate verification failed (invalid)

2/ the CA file gives the same, and

3/ the /etc/ssl/certs dir gives

    TLS error on connection from blablabla (setup_certs): Error while reading file

(which probably means I don't have gnutls support....)

I would love to know why so many forums/docs talk about putting a CA file in tls_verify_certificates while the official doc does not.
And if by any chance somebody knows how to fit the certificate in tls_verify_certificates and validate my Opera client connection!

Any clue accepted.....

pierre

Oh, by the way, I use Opera 9.64...
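The two file forms tried in the report above (the client certificate on its own, and the CA file) can be tested offline, independently of Exim, with the openssl command-line tool. This is an added example, not part of the original bug report or of Exim: the certificates, subject names and helper functions are constructed for the demonstration, and it shows how OpenSSL's verifier treats these files, which may differ from the TLS library a given Exim build uses.

```shell
#!/bin/sh
# Added example: check a client certificate against a candidate trust file
# using throwaway, constructed certificates (nothing here comes from the report).

# verify_against TRUST CERT: prints "ok" if CERT chains to a certificate
# in the PEM file TRUST, otherwise "fail".
verify_against() {
    if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo ok
    else
        echo fail
    fi
}

# count_certs FILE: number of PEM certificates in FILE (1 = single, >1 = bundle).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# make_demo_pki DIR: constructed self-signed CA plus one client cert signed by it.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Demo CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj '/CN=constructed-client' \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$d/client.csr" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/client.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    # The issuing CA as trust file: the client certificate verifies.
    echo "CA file as trust:        $(verify_against "$d/ca.crt" "$d/client.crt")"
    # The client certificate alone as trust file: no path to a trusted root.
    echo "client cert as trust:    $(verify_against "$d/client.crt" "$d/client.crt")"
    rm -rf "$d"
}

# Run the demonstration only when the openssl CLI is installed.
if command -v openssl >/dev/null 2>&1; then demo; fi
```

To check real files, call `verify_against` with the trust file and the certificate exported from the client's PKCS#12 bundle; `count_certs` shows whether a file holds one certificate or a concatenated bundle.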
