On 2014-11-26 Heiko Schlittermann <[email protected]> wrote: [...] > tls_verify_certificates seems to cause some trouble. I'm talking about > the main config option, but I assume that everything holds for the smtp > driver option of the same name too.
> There are two (probably only loosely related issues): > - The inconsistent results of not setting this option at all, > having a forced failure, and setting it to an empty value. > This could be talked about in another thread. > - The confusing influence on loading a default trust store. > This I'm talking about here and now … [...] Hello, just to add another piece of the puzzle: Last time I checked exim/openssl and exim/gnutls had a major difference in behavior with respect to tls_(try)verify_certificates: exim/GnuTLS would send the list of acceptable TLS certificates in the SSL handshake. If the list is long enough, this breaks interconnectivity. I do not know whether the code has changed since, though. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
