* Sebastian Kapfer (s.kapfer_usenet@gmx.net) [031001 18:03]:
> [connecting...]
> SMTP>> STARTTLS
> read response data: size=32
> SMTP<< 220 {mp009} Ready to start TLS
> initializing GnuTLS as a client
> read RSA and D-H parameters from file
> initialized RSA and D-H parameters
> no TLS client certificate is specified
> verify certificates = /etc/exim4/tlscerts.out
> initialized certificate stuff
> initialized GnuTLS session
> TLS certificate verification failed: peerdn=/C=DE/S=Bavaria/L=Munich/O=GMX GmbH/CN=mail.gmx.net
> LOG: MAIN
> TLS error on connection to mail.gmx.net [213.165.64.20]: certificate verification failed
> ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address=135166528
> 213.165.64.20 in hosts_require_tls? yes (matched "0.0.0.0/0")
> [reports failure, other blurbs...]
>
> Certificate verification failed -- how can that be? I don't want Exim to
> question my certificate file. It should just check if the remote host is
> the same as it used to be.

Perhaps it's failing because it can't verify a certificate chain from a
trusted root certificate? You might need to grab the Thawte CA cert and
append it to your tlscerts.out.

Just a guess ... I'm doing some testing right now to try to get a better
answer.

good times,
Vineet
--
http://www.doorstop.net/
--
"If you can put it on a T-shirt, it's speech... To enjoin the T-shirts as a
circumvention device is ludicrous." --Robin Gross, EFF staff attorney
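
One way to test the guess in the reply above offline, as an added example that is not part of the original thread: it builds a throwaway CA and server certificate and shows that a verify file holding only the server's certificate fails chain verification until the issuing CA is appended. It uses `openssl verify` to illustrate chain building, which is an assumption; Exim with GnuTLS may not behave identically, and every name and path in it is constructed.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway root CA and server certificate.
# Nothing here comes from the thread; all names and paths are placeholders.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_demo_pki() {
    # Self-signed root, standing in for the CA that issued the server cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null || return 1
    # Server key and CSR, then a leaf certificate signed by the demo root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$work/srv.key" -out "$work/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$work/srv.csr" -days 1 \
        -CA "$work/ca.pem" -CAkey "$work/ca.key" -CAcreateserial \
        -out "$work/srv.pem" 2>/dev/null
}

# chain_ok BUNDLE CERT: succeeds only if CERT chains to a root in BUNDLE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# fingerprint CERT: SHA-256 fingerprint, for "is it the same cert as before".
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

make_demo_pki || { echo "openssl failed" >&2; exit 1; }

# Case 1: the verify file holds only the server's own certificate.
cp "$work/srv.pem" "$work/bundle.pem"
if chain_ok "$work/bundle.pem" "$work/srv.pem"; then
    echo "leaf-only bundle: verified"
else
    echo "leaf-only bundle: verification failed (issuer not in bundle)"
fi

# Case 2: append the issuing CA, as suggested in the reply.
cat "$work/ca.pem" >> "$work/bundle.pem"
if chain_ok "$work/bundle.pem" "$work/srv.pem"; then
    echo "leaf + CA bundle: verified"
fi

# A saved fingerprint answers the other question: is this the same certificate?
fingerprint "$work/srv.pem"
```

Chain verification and fingerprint comparison answer different questions: the first asks whether a trusted root vouches for the certificate, the second whether the certificate is byte-for-byte the one seen before.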