On 04/12/15 16:43, Viktor Dukhovni wrote: > Well, I'd like to see DANE fully supported. Did you ever get a > chance to integrate the latest version ssl_dane library from github?
After a lot of fighting git, yes. Passes the initial Exim testsuite run with one minor difference: 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 2 <CN=clica CA,O=example.com> 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 0 <CN=server1.example.com> +1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 0 <CN=server1.example.com> 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 2 <CN=clica CA,O=example.com> 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 1 <CN=clica Signing Cert,O=example.com> 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 0 <CN=server1.example.com> ... there's yet another verify callback now. It's a pity GnuTLS isn't usable too. As I said previously, I'd like to maintain parity between the two environments if at all possible. On the other hand, I want DANE out there... -- Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
