Hi, as I saw now, the subject is confusing. I changed it. And made the long story shorter.
(Originally I wanted to complain about loading the default CAs, but now it's documented at least.)

Heiko Schlittermann <[email protected]> (Tue 25 Nov 2014 00:20:55 CET):
…
> unset:: With tls_verify_certificates not mentioned (as above) I get
>     LOG: Exim configuration error: tls_verify_hosts is set, but
>     tls_verify_certificates is not set
>
> empty string:: With "tls_verify_certificates =", I get
>     LOG: Verified: 0
>     LOG: Peer dn:
>
> forced failure:: With "tls_verify_certificates = ${if eq{a}{b}{foo}fail}" I get
>     LOG: Verified: 0
>     LOG: Peer dn:

These two lines should behave the same way:

    # tls_verify_certificates =                         // not set
    tls_verify_certificates = ${if eq{a}{b}{CA}fail}    // forced failure

    --> depending on tls_verify_host a configuration error

And these lines should behave the same way:

    tls_verify_certificates =                       // empty string
    tls_verify_certificates = ${if eq{a}{b}{CA}}    // empty string

    --> always a valid configuration, but probably no verification success

All other settings should load the trust store for verification.

    Best regards from Dresden/Germany
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
 gnupg fingerprint: 9288 F17D BBF9 9625 5ABC 285C 26A9 687E 7CBF 764A -
 (gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B)-
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
