On 2018-09-07 Viktor Dukhovni via Exim-users <[email protected]> wrote: [...] > Until there's either a fix in GnuTLS (Nikos Mavrogiannopoulos can get in touch > with me if there are questions), or a work-around in Exim that disables DANE > for domains with DANE-TA(2) records when linked with GnuTLS (supporting only > domains that use DANE-EE(3)), the only alternative is disable DANE support in > Exim when linked with GnuTLS. [...]
Hello, Are you positive that this is a problem in GnuTLS and not in a problem in exim's usage of gnutls-dane? Asking, since danetool --check=lists.gentoo.org --proto tcp --starttls-proto=smtp succeeds. (I have verified that this succeeds without local truststore, i.e. when "gnutls-cli --starttls-proto=smtp lists.gentoo.org" throws a verification error.) cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
