http://bugs.exim.org/show_bug.cgi?id=1371

           Summary: tls_try_verify_hosts missing for smtp_transport
           Product: Exim
           Version: 4.80.1
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]

Created an attachment (id=643)
 --> (http://bugs.exim.org/attachment.cgi?id=643)
implements tls_(try_)verify_hosts for smtp_transport for 4.80.1

As discussed on exim-users already...

smtp transport is missing something like tls_try_verify_hosts and
tls_verify_hosts to avoid dropping an SSL connection if verification of the
server cert fails.

Currently exim tries to verify server certs as soon as tls_certificates is
set. Since there are many servers (even big ones like linkedin.com) with a
broken SSL setup, many connections stop using SSL.

The attached patch fixes this. It tries to get exactly the same behaviour as
client cert verification on incoming connections.

Setting tls_certificates only now triggers no verification at all.
Setting tls_try_verify_hosts in smtp transport does exactly the same as the
global option.
Same for tls_verify_hosts.

I tried for both gnutls and openssl to
*) set neither of the two while tls_certificates was set.
*) set tls_try_verify_hosts = *
*) set try_verify_hosts = *

Both did at least what I expected ;-)
