Thank you!
openssl s_client -crlf -CAfile /etc/ssl/certs/ca-certificates.crt -connect smtp.mandrillapp.com:587 -starttls smtp says: Verify return code: 0 (ok) Maybe openssl does not resolve the CNAME but validates the certificate to smtp.mandrillapp.com Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Szépe Viktor writes: > >> Good morning! >> >> Mandrill has a wildcard certificate: >> >> X509v3 Subject Alternative Name: >> DNS:*.mandrillapp.com, DNS:mandrillapp.com >> >> >> I've set TLS_VERIFYPEER=REQUIREPEER >> >> This is the log: >> >> 400 couriertls: Mismatched SSL certificate: CN=mandrillapp.com >> (expected smtp.eu-west-1.mandrillapp.com) > > A wildcard applies to only one level of a domain hierarchy. > > *.example.com matches host1.example.com, but not host1.foo.example.com Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület ------------------------------------------------------------------------------ _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
