Christian Balzer <ch...@gol.com> (Fr 20 Dez 2019 14:49:27 CET): > > > The testmail.do.main VIP is handled by smtp01 and 02, with being resident > > > on smtp01 for most of the testing, but failing it over doesn't change the > > > outcome. > > > > If connections to the indiviual servers work as expected but connectin > > to them via the loadbalancer fail, I'd check the loadbalancer first, not > > Exim. > > > > Does your loadbalancer intercept the SSL connection? > > > Please re-read the thread, there is no loadbalancer involved in this test > setup, just a (not so much) floating Virtual IP managed by pacemaker.
Ok. From "individual IPs" and the rest of the context I assume a loadbalancer setup. (Yes, I know, assumption are the mother of …) I do not see why GnuTLS should behave dependend on the IP you're connecting to. I'd retest this with openssl s_server, or, since there is not device in between, with gnutls-serv of the same version as the libraries, Exim uses. And I remember some issues with the order of the certs in the cert file. -- Heiko
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/