------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1489 --- Comment #7 from Mike Cardwell <[email protected]> 2014-06-05 14:26:53 --- (In reply to comment #5) > The "sig_algorithm" result is that given by the OpenSSL library for the calls > > OBJ_nid2ln(X509_get_signature_type((X509 *)cert)) > > not a result of a parse error by the exim code. It might be worthwhile asking > on the OpenSSL mailing list when this result string can be returned. A quick google found somebody else who is seeing this and how they fixed it: https://stackoverflow.com/questions/19394151/how-to-get-the-cipher-signature-after-ssl-handshake That might be a starting point. > The bunch of crap returned for the "signature" result comes from the call > > X509_print_ex(bp, (X509 *)cert, 0, > X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION | X509_FLAG_NO_SERIAL | > X509_FLAG_NO_SIGNAME | X509_FLAG_NO_ISSUER | X509_FLAG_NO_VALIDITY | > X509_FLAG_NO_SUBJECT | X509_FLAG_NO_PUBKEY | X509_FLAG_NO_EXTENSIONS | > /* X509_FLAG_NO_SIGDUMP is the missing one */ > X509_FLAG_NO_AUX) > > I'm sorry it's not what you expected; any suggestion for improvement will be > welcome. I expected it to return the SHA256 fingerprint of the client cert. However, I realise now what I was looking for was actually: ${sha256:$tls_in_peercert} -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
