On 28/09/15 15:18, Robert Blayzor wrote: > One thing I have noticed going from 4.85 to 4.86 (perhaps this is > coincidence) is that we’re seeing a lot more SSL verification errors: > > ie: > > exim[69814]: 1ZgZDk-000I9s-NG [2001:630:212:8::e:f0e] SSL verify error: > depth=0 error=self signed certificate cert=/C=GB/ST=Cambridge/L=University of > Cambridge/O=Exim Maintainers/CN=hummus.csx.cam.ac.uk > > > > Anyone know how to disable these? I’ve tried: > > tls_verify_hosts = !* > tls_try_verify_hosts = !*
Probably coincidence; this is associated with the introduction of name-checks on certificates. It turns out that far too many actors who ought to know better are using certs that are invalid in this respect. See the tls_verify_cert_hostnames option if you want to disable the checking. There isn't a way at present to disable just the log noise; probably not hard to code but I've just not gotten to it. RFE at bugs.exim.org if you're interested, please. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
