On 2020-02-03 00:54, Viktor Dukhovni wrote: > > > And is the OpenSSL library that "/usr/bin/openssl" is linked with, the > > > same one as the one for Exim? > > > > I am quite sure it is, because I build exim myself. I cannot be 100% > > sure for debian packaged exim, but such a blunder would be completely > > out of character. > > The idea is not to be "sure", but to actually check with "ldd". > > > > Is the /etc/ssl/certs/ directory "hashed" (lots of funny > > > <hexdigits>.<smalldecimal> symlinks)? > > > > Yes. > > Well, in that case perhaps Exim is not loading the default CA locations, > or there's some sort of file access control (SELinux? AppArmor? ...) > that's preventing Exim from reading the directory. > > You'll have "strace" Exim and see what it is doing when it fails > to verify the peer chain. > > Did you share the destination domain name at any point? Perhaps > its certificate chain really does have some sort of issue.
... Waiting for the OP to respond ... -- Ian -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
