Ok, so if I do:
openssl s_client -tls1 -starttls smtp -connect hosteddomain.com:587 -servername mail.hosteddomain.com
My host's cPanel install with Exim returns my hosteddomain.com certificate. From
the exim.conf, I see:
# Pick the certificate by SNI: exact per-domain dir, then wildcard dir, else the default
tls_certificate = ${if and \
  { \
    {gt{$tls_in_sni}{}} \
    {!match{$tls_in_sni}{/}} \
  } \
  {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
    {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
    {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
      {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
      {/etc/exim.crt} \
    }} \
  }} \
  {/etc/exim.crt} \
}
# Same selection for the key; the cPanel "combined" file carries both key and cert
tls_privatekey = ${if and \
  { \
    {gt{$tls_in_sni}{}} \
    {!match{$tls_in_sni}{/}} \
  } \
  {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
    {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} \
    {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
      {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} \
      {/etc/exim.key} \
    }} \
  }} \
  {/etc/exim.key} \
}
So it’s using $tls_in_sni. But if I change my paths so they point to valid
files and:
openssl s_client -tls1 -starttls smtp -connect mytestserverdomain.com:587 -servername mytestserverdomain.com
It is trying to serve the /etc/exim.key because $tls_in_sni is empty/not
expanded as main.log shows.
Why is $tls_in_sni empty in my setup?
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
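To make the three branches of that expansion easy to reason about, here is an added Python model of the selection logic above (example code written for this page, not Exim's or cPanel's own, and not part of the original post). It takes the SNI value Exim would put in $tls_in_sni plus an `exists` callback standing in for `${if exists ...}`, so the constructed file set below can be swapped for `os.path.exists` on a real cPanel box. Note the two guards the config applies before touching the filesystem: the SNI must be non-empty, and it must not contain a slash, which is what stops a client-supplied SNI such as `../../etc/exim` from steering the path lookup.

```python
import re

# Paths copied from the exim.conf expansion quoted above.
TLS_DIR = "/var/cpanel/ssl/domain_tls"
DEFAULT_CERT = "/etc/exim.crt"
DEFAULT_KEY = "/etc/exim.key"

# The ${sg{...}{(.+/)[^.]+(.+/combined)}{$1*$2}} step: swap the first DNS
# label of the SNI directory for '*' so a wildcard cert directory is found.
WILDCARD_RE = re.compile(r"(.+/)[^.]+(.+/combined)")

# Constructed stand-in for the filesystem; only these paths "exist".
FAKE_FS = {
    f"{TLS_DIR}/mail.hosteddomain.com/combined",
    f"{TLS_DIR}/*.wild.example/combined",
}


def fake_exists(path: str) -> bool:
    """Stand-in for Exim's ${if exists ...} against the constructed set."""
    return path in FAKE_FS


def wildcard_path(combined: str) -> str:
    """Apply the same regex substitution the config uses (Exim sg)."""
    return WILDCARD_RE.sub(r"\1*\2", combined)


def select_tls_file(tls_in_sni: str, exists, default: str) -> str:
    """Model of the tls_certificate / tls_privatekey expansion.

    default is /etc/exim.crt for the certificate and /etc/exim.key for the key.
    """
    # ${if and {{gt{$tls_in_sni}{}} {!match{$tls_in_sni}{/}}} ...}
    # Empty SNI (no -servername, or SNI not yet known) and any SNI carrying a
    # '/' both fall straight through to the default file.
    if not tls_in_sni or "/" in tls_in_sni:
        return default

    combined = f"{TLS_DIR}/{tls_in_sni}/combined"
    # First branch: an exact per-domain directory.
    if exists(combined):
        return combined

    # Second branch: the wildcard directory for the parent domain.
    wildcard = wildcard_path(combined)
    if exists(wildcard):
        return wildcard

    # Final fallback: the server-wide default.
    return default


def trace(sni: str) -> tuple[str, str]:
    """Return (cert, key) that this config would hand to a client sending sni."""
    return (
        select_tls_file(sni, fake_exists, DEFAULT_CERT),
        select_tls_file(sni, fake_exists, DEFAULT_KEY),
    )


if __name__ == "__main__":
    for sni in ("mail.hosteddomain.com", "smtp.wild.example",
                "mytestserverdomain.com", "", "../../etc/exim"):
        print(f"{sni or '<empty>'!r:30} -> {trace(sni)}")
```

Running it shows the poster's two observations side by side: with `-servername mail.hosteddomain.com` and a matching directory the per-domain combined file is chosen, while an empty SNI (or a hostname with no directory and no wildcard directory) ends in /etc/exim.crt and /etc/exim.key.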