https://bugs.exim.org/show_bug.cgi?id=2594
--- Comment #2 from Chris Paulson-Ellis <ch...@paulson-ellis.org> --- I thought you might ask that :-) I don't think this specific issue is explicitly addressed in either the SMTP, TLS or HTTPS RFCs. HTTPS is quite clear that the name being tested comes from the URI, but doesn't go into specifics. I'm not surprised by this - the resolution of names to IP addresses belongs to a different layer - the DNS resolver - and the DNS RFCs talk about how to obtain an IP address, not about what you might otherwise do with the data obtained along the way. However, the current exim behaviour is clearly inconsistent with what web browsers actually do. If an HTTPS server returns a certificate for the CNAME rather than the original FQDN in the URI, then the browser will fail the verification. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##