On 8/14/2020 8:22 PM, Viktor Dukhovni wrote: > On Fri, Aug 14, 2020 at 02:30:03PM +0300, Thorsten Habich wrote: > >> the certificate verification with TA file option still occasionally fails: > How is the use of a TA file relevant here? It only happens with the domains configured with TA file option. > >> 2020-08-13T07:39:39.007186+02:00 server postfix/tlsproxy[47119]: >> certificate verification failed for remote.domain.tld[10.11.12.13]:25: >> untrusted issuer /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA > Are you saying that the code doing the validation is unreliable, or is > the remote server merely presenting an unexpected certificate chain? Certificate chain seems fine to me plus the error disappears after a restart/on the next delivery attempt. I clarified with the admin on the remote side that they didn't change anything on their side for weeks.
- Re: connection_reuse Wietse Venema
- Re: connection_reuse Thorsten Habich
- PATCH: connection_reuse Wietse Venema
- Re: PATCH: connection_reuse Thorsten Habich
- Re: PATCH: connection_reuse Wietse Venema
- PATCH #2: connection_reuse Wietse Venema
- Re: PATCH #2: connection_reuse Thorsten Habich
- Re: PATCH #2: connection_reuse Wietse Venema
- Re: PATCH #2: connection_reuse Thorsten Habich
- Re: PATCH #2: connection_reuse Viktor Dukhovni
- Re: PATCH #2: connection_reuse Thorsten Habich
- Re: PATCH #2: connection_reuse Viktor Dukhovni
- Re: PATCH #2: connection_reuse Thorsten Habich
- Re: PATCH #2: connection_reuse Wietse Venema
- Re: PATCH #2: connection_reuse Thorsten Habich
- Re: PATCH #2: connection_reuse Thorsten Habich
- Re: PATCH #2: connection_reuse Viktor Dukhovni
- Re: PATCH #2: connection_reuse Thorsten Habich
- Re: PATCH #2: connection_reuse Wietse Venema
- PATCH #3 (Postfix 3.4 + 3.5): TL... Viktor Dukhovni
- Re: PATCH #3 (Postfix 3.4 + 3.5)... Wietse Venema