[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim4 SSL/TLS client: refusal to verify certificate

* Sebastian Kapfer (s.kapfer_usenet@gmx.net) [031001 18:03]:
> [connecting...]
> read response data: size=32
>   SMTP<< 220 {mp009} Ready to start TLS
> initializing GnuTLS as a client
> read RSA and D-H parameters from file
> initialized RSA and D-H parameters
> no TLS client certificate is specified
> verify certificates = /etc/exim4/tlscerts.out
> initialized certificate stuff
> initialized GnuTLS session
> TLS certificate verification failed: peerdn=/C=DE/S=Bavaria/L=Munich/O=GMX GmbH/CN=mail.gmx.net
>   TLS error on connection to mail.gmx.net []: certificate verification failed
> ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address=135166528
> in hosts_require_tls? yes (matched "")
> [reports failure, other blurbs...]
> Certificate verification failed -- how can that be? I don't want Exim to
> question my certificate file. It should just check if the remote host is
> the same as it used to be.

Perhaps it's failing because it can't verify a certificate chain from a
trusted root certificate?  You might need to grab the thawte CA cert and
append it to your tlscerts.out .

Just a guess ... I'm doing some testing right now to try to get a better

good times,
"If you can put it on a T-shirt, it's speech... To enjoin the T-shirts as a
circumvention device is ludicrous." --Robin Gross, EFF staff attorney

Attachment: signature.asc
Description: Digital signature

Reply to: