Jeremy Harris via Exim-users wrote on 14.03.2023 00:00: > On 12/03/2023 21:51, Victor Ustugov via Exim-users wrote: >> Rather, the lack of SNI support does not prevent me from getting >> response to access token refresh request. But Exim puts certificate >> verification error message into the logs. > > Having found a way of doing basic functionality testing > of it, pushed 6fdf76d0eae4.
Great. FreeBSD 13.1, exim 4.96 without patch: # exim -be '${readsocket{inet:oauth2.googleapis.com:443}{GET / HTTP/1.1\r\nHost: oauth2.googleapis.com\r\nConnection: close\r\n\r\n}{20s:tls=yes}{\n}{socket failure}}' 2>&1 | perl -n -e 'print $_ if (1.../^\r?\n$/)' 2023-03-14 01:33:58 [14476] [NULL] SSL verify error: depth=0 error=self signed certificate cert=/OU=No SNI provided; please fix your client./CN=invalid2.invalid 2023-03-14 01:33:58 [14476] [NULL] SSL verify error: certificate name mismatch: DN="/OU=No SNI provided; please fix your client./CN=invalid2.invalid" H="oauth2.googleapis.com" HTTP/1.1 404 Not Found Date: Mon, 13 Mar 2023 23:33:58 GMT Content-Type: text/html; charset=UTF-8 Server: ESF Content-Length: 1561 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close FreeBSD 13.1, exim 4.96 with patch: # exim -be '${readsocket{inet:oauth2.googleapis.com:443}{GET / HTTP/1.1\r\nHost: oauth2.googleapis.com\r\nConnection: close\r\n\r\n}{20s:tls=yes:sni=oauth2.googleapis.com}{\n}{socket failure}}' 2>&1 | perl -n -e 'print $_ if (1.../^\r?\n$/)' HTTP/1.1 404 Not Found Date: Mon, 13 Mar 2023 23:34:06 GMT Content-Type: text/html; charset=UTF-8 Server: ESF Content-Length: 1561 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Thanks a lot. Apparently there is no need to check the patch for CentOS and Ubuntu. -- Best wishes Victor Ustugov mailto:vic...@corvax.kiev.ua public GnuPG/PGP key: https://victor.corvax.kiev.ua/corvax.asc -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/