On Wed, Sep 03, 2025 at 11:44:23AM +0100, Mark Hills via Exim-users wrote:

> 59213 SSL SSL_accept,state_chg: SSLv3/TLS write certificate request

The server requests a client certificate.

> 59213 SSL SSL_accept,state_chg: SSLv3/TLS read client certificate

The server reads the client's response,

> 59213 CLIENT_TRAFFIC_SECRET_0 
> 4834841eb4cXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
> e3c12a3feb660dXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 59213 SSL SSL_accept,state_chg: SSLv3/TLS read finished

But then immediately moves to the "finished" state.  I don't see any
attempt to read the client's certificate verify message, so I don't
think the client sent a certificate (it sent an empty certificate
message).

Whatever certificate the client had on hand was not actually sent.

> 59213 using ACL "acl_check_rcpt"
> [...]
> 59213 processing "accept" (/usr/local/etc/exim/configure 169)
> 59213 check verify = certificate
> 59213 accept: condition test failed in ACL "acl_check_rcpt"
> 59213 processing "warn" (/usr/local/etc/exim/configure 174)
> 59213 check verify = certificate
> 59213 warn: condition test failed in ACL "acl_check_rcpt"
> 59213 processing "require" (/usr/local/etc/exim/configure 186)
> 59213   message: relay not permitted
> 59213 check domains = +local_domains : +relay_to_domains

It would then not be surprising that certificate verification fails.

-- 
    Viktor.  🇺🇦 Слава Україні!
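
Added example (not part of the original message, and not Exim or OpenSSL code): the check described above, applied to debug log lines, classifying each handshake by whether a certificate verify message was read between the certificate request and "read finished". The "read certificate verify" state string is OpenSSL's name for that state and is assumed here, as it does not occur in the quoted log; pids 60001 and 60002 are constructed sample data.

```python
import re

# Matches the OpenSSL state-change lines in the Exim debug output quoted
# above, with or without a leading "> " quote marker.
STATE = re.compile(r"^(?:>\s*)?(\d+)\s+SSL SSL_accept,state_chg: SSLv3/TLS (.+?)\s*$")

def client_cert_status(lines):
    """Map each process id to 'not_requested', 'requested_not_sent',
    'sent' or 'incomplete', based on the server-side handshake states."""
    seen = {}
    for line in lines:
        m = STATE.match(line)
        if m:
            seen.setdefault(m.group(1), []).append(m.group(2))
    result = {}
    for pid, states in seen.items():
        if "write certificate request" not in states:
            result[pid] = "not_requested"
        elif "read certificate verify" in states:
            # Assumed state name: proof of possession arrived, so a
            # non-empty client certificate was sent.
            result[pid] = "sent"
        elif "read finished" in states:
            # Handshake completed with no certificate verify: the client
            # answered the request with an empty certificate message.
            result[pid] = "requested_not_sent"
        else:
            result[pid] = "incomplete"
    return result

# 59213 is taken from the quoted log; 60001 and 60002 are constructed.
SAMPLE = """\
59213 SSL SSL_accept,state_chg: SSLv3/TLS write certificate request
59213 SSL SSL_accept,state_chg: SSLv3/TLS read client certificate
59213 SSL SSL_accept,state_chg: SSLv3/TLS read finished
60001 SSL SSL_accept,state_chg: SSLv3/TLS write certificate request
60001 SSL SSL_accept,state_chg: SSLv3/TLS read client certificate
60001 SSL SSL_accept,state_chg: SSLv3/TLS read certificate verify
60001 SSL SSL_accept,state_chg: SSLv3/TLS read finished
60002 SSL SSL_accept,state_chg: SSLv3/TLS read finished
""".splitlines()

if __name__ == "__main__":
    for pid, status in client_cert_status(SAMPLE).items():
        print(pid, status)
```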
