On Sat, Feb 01, 2020 at 02:42:06PM -0500, Holden Rohrer via Exim-users wrote:
> It turns out that Debian's openssl is kind of broken, and this is a known
> issue (https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/396818).

This isn't it.  It is rather outdated, against a command-line utility in
no longer used versions of OpenSSL.

> I've tried rebuilding it (and Exim), but `openssl s_client -starttls
> smtp -connect smtp.gmail.com:587` still doesn't work without
> `-CApath=/etc/ssl/certs` (which were installed by Debian's
> ca-certificates).

Is your build configured to look in /etc/ssl for certificates?  Likely not.

    $ openssl version -d
    OPENSSLDIR: "/etc/ssl"

> For building openssl, I've tried to set a few different permutations
> of `./config --prefix=/usr --openssldir=/etc/ssl`, but I haven't
> managed to get this working. Is this not actually a problem, and
> I've misconfigured Exim's recognition of mailserver SSL, or is it not
> recognizing the right openssl, or something?

Also make sure that Exim is linked against the same OpenSSL library as
your "openssl" command-line executable.

> I've tried both ways of including OPENSSL in Local/Makefile (with and
> without pkg-config), but neither worked. I figure this is the root of
> the issue, so how should I configure the build of Exim/openssl/some
> other package to handle this?

Use the OpenSSL library that comes with the OS, and place the "cert.pem"
file and "certs/" sub-directory at the location reported by the system's
"openssl version -d".  On my FreeBSD system for example:

    $ strings /usr/local/lib/libcrypto.so | grep /cert
    /usr/local/openssl/certs
    /usr/local/openssl/cert.pem

-- 
    Viktor.
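A way to script the two checks from the reply above (which libcrypto Exim loads, and whether its compiled-in certificate directory matches `openssl version -d`), as an added example that is not part of the original message. The function names are hypothetical, and it assumes `ldd`, `strings` and `openssl` are on the PATH.

```shell
#!/bin/sh
# Added example: confirm Exim and the openssl CLI agree on the default trust store.
# All function names here are hypothetical helpers, not part of Exim or OpenSSL.

# Directory from `openssl version -d` output, e.g.  OPENSSLDIR: "/etc/ssl"
openssldir_from_version() {
    sed -n 's/^OPENSSLDIR: *"\(.*\)"$/\1/p'
}

# Compiled-in default directory from `strings libcrypto.so` output, taken from
# the cert.pem path that the reply above finds with `grep /cert`.
openssldir_from_strings() {
    sed -n 's|^\(/.*\)/cert\.pem$|\1|p' | head -n 1
}

# Resolved libcrypto path from `ldd <binary>` output.
libcrypto_from_ldd() {
    awk '$1 ~ /^libcrypto\.so/ && $2 == "=>" { print $3; exit }'
}

# Compare the CLI's directory with the library's; non-zero status on mismatch.
compare_dirs() {
    if [ -n "$1" ] && [ "$1" = "$2" ]; then
        echo "match: $1"
    else
        echo "MISMATCH: cli=${1:-unknown} exim-lib=${2:-unknown}"
        return 1
    fi
}

# Full check against a real Exim binary (path supplied by the caller).
check_exim() {
    exim_bin=$1
    cli_dir=$(openssl version -d | openssldir_from_version)
    lib=$(ldd "$exim_bin" | libcrypto_from_ldd)
    lib_dir=$(strings "$lib" | openssldir_from_strings)
    echo "exim links against: ${lib:-no libcrypto found}"
    compare_dirs "$cli_dir" "$lib_dir" || return 1
    # The trust store must actually exist where the library will look for it.
    [ -f "$lib_dir/cert.pem" ] || [ -d "$lib_dir/certs" ] || {
        echo "no cert.pem or certs/ under $lib_dir"; return 1; }
}

# Runs only when given the path to your Exim binary as the first argument.
if [ "$#" -gt 0 ]; then check_exim "$1"; fi
```

A mismatch means Exim verifies peers against a different default trust store than the one `openssl s_client` uses, so a test that passes on the command line says nothing about what Exim will accept.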