... is noisy in mainlog. It has been forever, I think; the code line has always (in git terms) been there. Perhaps it's only the growth in use of certificates. You get blocks like:
2014-06-16 01:22:22 +0000 SSL verify error: depth=1 error=self signed certificate in certificate chain cert=/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
2014-06-16 01:22:22 +0000 SSL verify error: depth=1 error=invalid CA certificate cert=/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
2014-06-16 01:22:22 +0000 SSL verify error: depth=1 error=unsupported certificate purpose cert=/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
2014-06-16 01:22:22 +0000 SSL verify error: depth=1 error=certificate has expired cert=/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
2014-06-16 01:22:22 +0000 SSL verify error: depth=0 error=certificate has expired cert=/C=US/O=RTFM, Inc./OU=Widgets Division/CN=localhost
(that one's a standard "example certificate" - and someone is serving it up!) and every self-signed cert gets at least one line to say that (often a second to say it's expired; sigh).

This seems unfortunate for a default-settings log.

Since it's already there it is probably too late to change for the upcoming 4.83 - but should it move to under debug (+tls)? A new logging option (tls_detail)? Redefined existing logging option (tls_certificate_verified)?

Thoughts?
--
Cheers,
Jeremy
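Added example, not part of the original message and not Exim code: a small post-processing filter that collapses a burst of "SSL verify error" lines like the one quoted above into one summary line per certificate. It assumes that lines sharing a timestamp belong to the same handshake, since the quoted lines carry no connection identifier; the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample: the five mainlog lines quoted in the message above.
DN_CA = "/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517"
DN_LEAF = "/C=US/O=RTFM, Inc./OU=Widgets Division/CN=localhost"
TS = "2014-06-16 01:22:22 +0000"
SAMPLE = [
    f"{TS} SSL verify error: depth=1 error=self signed certificate in certificate chain cert={DN_CA}",
    f"{TS} SSL verify error: depth=1 error=invalid CA certificate cert={DN_CA}",
    f"{TS} SSL verify error: depth=1 error=unsupported certificate purpose cert={DN_CA}",
    f"{TS} SSL verify error: depth=1 error=certificate has expired cert={DN_CA}",
    f"{TS} SSL verify error: depth=0 error=certificate has expired cert={DN_LEAF}",
]

# The error text may contain spaces and the DN may contain commas, so match
# the error lazily up to " cert=" and take the rest of the line as the DN.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?: [+-]\d{4})?) "
    r"SSL verify error: depth=(?P<depth>\d+) "
    r"error=(?P<error>.*?) cert=(?P<cert>.*)$"
)

def collapse(lines):
    """Group verify errors by (timestamp, depth, cert), keeping first-seen order.

    Returns (groups, passthrough): groups maps the key to a de-duplicated list
    of error strings; passthrough holds every line that is not a verify error.
    """
    groups, passthrough = OrderedDict(), []
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        if m is None:
            passthrough.append(line)
            continue
        key = (m.group("ts"), int(m.group("depth")), m.group("cert"))
        errors = groups.setdefault(key, [])
        if m.group("error") not in errors:
            errors.append(m.group("error"))
    return groups, passthrough

def render(groups):
    """One summary line per certificate instead of one line per error."""
    return [
        f"{ts} SSL verify error: depth={depth} cert={cert} errors=[{'; '.join(errs)}]"
        for (ts, depth, cert), errs in groups.items()
    ]

if __name__ == "__main__":
    print("\n".join(render(collapse(SAMPLE)[0])))
```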
