On 2021-07-18 Andreas Metzler <[email protected]> wrote: > Hello, > there seems to be some breakage in 4.95 RC0 with outgoing TLS, it fails > to verify the peer certificate:
> -------------------- > initialising GnuTLS as a client on fd 7 > GnuTLS global init required > initialising GnuTLS client session > Expanding various TLS configuration options for session credentials > TLS: basic cred init, client > TLS: no client certificate specified; okay > TLS: tls_verify_certificates not set or empty, ignoring ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ That seems to be the required hint. Given this transport smarthost_smtp: driver = smtp multi_domain hosts_require_tls = * tls_verify_hosts = * we get different output for »exim -bP transport smarthost_smtp | grep tls_verify_certificates« with 4.92.2 tls_verify_certificates = system and 4.95 rc0 tls_verify_certificates = And indeed explicitely setting "tls_verify_certificates = system" on the transport lets cert verification succeed. (This also applies to the main configuration option tls_verify_certificates, not just to the transport option. - It is also empty by default.) cu Andreas -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
