Re: [exim-dev] [Bug 2311] New: DANE verify fails with a TA-mode TLSA and a selfsigned sever cert

Viktor Dukhovni via Exim-dev Sun, 09 Sep 2018 09:56:56 -0700


> On Sep 9, 2018, at 10:50 AM, admin--- via Exim-dev <[email protected]> wrote:
> 
>           Summary: DANE verify fails with a TA-mode TLSA and a selfsigned
>                    sever cert
>           Product: Exim
>           Version: 4.91
>          Hardware: x86
>                OS: Windows
>            Status: NEW
>          Severity: bug
>          Priority: medium
>         Component: Delivery in general
>          Assignee: [email protected]
>          Reporter: [email protected]
>                CC: [email protected]
> 
> This appears to be a GnuTLS library bug at present, but recording here for
> tracking purposes.

This does not appear to be the right description.  DANE-TA(2) is NOT
expected to work with self-signed server certs, and the report for
lists.gentoo.org is not for a self-signed cert.

The reports seem to be for ordinary 2 or 3 level chains in which
DANE-TA(2) matches at depth 1 or higher (depth 0 is the EE cert).

-- 
        Viktor.


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Re: [exim-dev] [Bug 2311] New: DANE verify fails with a TA-mode TLSA and a selfsigned sever cert

Reply via email to