http://bugs.exim.org/show_bug.cgi?id=1479

--- Comment #2 from Phil Pennock <p...@exim.org> 2014-05-13 21:58:33 ---

Exim is an MTA; there has been no sane approach to determining a hostname suitable for verification of certificate identity. Note that the normal handling of TLS failures for SMTP to remote hosts is, in every MTA, to fall back to clear text delivery without TLS.

The DANE SMTP specification is going through the IETF process now; we've been involved with that document and we intend to support it with Exim. This lays down rules about determining the remote hostname, and requires DNSSEC by the target domain operator and a validating resolver.

The only other use-case to support is to add a "tls_hostname_verify" setting, or "tls_hostname" used as the default for both verification and for "tls_sni". Where the administrator has specifically set a hostname to validate, instead of relying upon insecure DNS, we do have something reasonable to assert.

Patches welcome.