http://bugs.exim.org/show_bug.cgi?id=1382

--- Comment #6 from Todd Lyons <[email protected]> 2013-09-10 02:35:00 ---

On Mon, Sep 9, 2013 at 5:01 PM, alxgomz <[email protected]> wrote:
> I have tried both patches but it doesn't fix the issue.
> The debug still shows "LDAP_OPT_X_TLS_TRY" regardless of the value of
> ldap_require_cert = allow.
>
> I have also tried the patch from the following page
> https://gist.github.com/mrballcb/6501428, but that didn't help either.

Can you show the debug output to see what the LDAP_OPT_X_TLS is being
set to with the patch from that gist? Add into the patch, right before
the first ldap_set_option() call:

    debug_printf("setting value LDAP_OPT_X_TLS = %d\n", tls_option);

I want to make sure that it's setting the option the way we think it
should be.

> I have added a debug line before the ldap_start_tls_s line 534 in order to
> check the options of the ldap connection:
>
> 533 debug_printf("trying to connect using LDAP_OPT_X_TLS_REQUIRE_CERT = %d\n", cert_option);
>
> It seems to be set properly (according to ldap.h) from the config file as I
> get:
>
> 00:31:37 6469 3 set for cert_option
> 00:31:37 6469 binding with user=uid=exim,dc=middle,dc=earth password=eximmta
> 00:31:37 6469 trying to connect using LDAP_OPT_X_TLS_REQUIRE_CERT = 3

Yes, that looks good. Now let's look at the initial setting with the
extra debug statement above.

> But as you can see I still get a connection error and checking the network
> dump I see I have the following TLS alert: "Unknown CA", which shouldn't
> happen with ldap_require_cert set to allow.

I don't know if that shouldn't happen. Rather, it should just be
ignored per the setting above.

> I cannot exclude any set up error on my side, but again, I have dovecot
> happily doing ldap TLS against the same LDAP server (so with the same self
> signed certificate) with similar configuration (tls = yes
> tls_require_cert = allow).

And we're, in theory, trying to align those behaviors.
