On 31/05/2022 20:53, Heiko Schlittermann via Exim-users wrote:

TLS error on connection from r209.notifications.natwest.com
[130.248.154.209]:44104 I=[167.235.252.255]:25 (SSL_accept):
error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired

Is there any chance that the client tries to present you a certificate,
even if you do not request it?

Well, anything is possible I suppose. It's a good question; I did wonder if it was a client certificate issue, but I assumed Exim wouldn't complain if a client certificate (even expired) is presented when not requested. (Hence why I started looking at the server certificate). Would we consider that an Exim bug if so?

I'm a bit surprised that Exim drops the connection (doesn't it?) seeing
the expired certificate, but this isn't very unlikely. I'd use a packet
capture to check the certificates from both sides.

Good idea - I'll see if I can capture next time they retry.

Tim

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
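
Added example, not part of the thread or of Exim: a small decoder for the OpenSSL error code in the log line quoted above, assuming the pre-3.0 OpenSSL packing (8-bit library, 12-bit function, 12-bit reason), where a reason above 1000 is a TLS alert received from the peer. The function name, alert table and sample line layout are constructed for illustration.

```python
import re

# Assumption: OpenSSL 1.x error layout, lib(8 bits) | func(12 bits) | reason(12 bits).
ERR_LIB_SSL = 0x14
# Reasons above this offset are "alert received from peer": 1000 + alert number.
SSL_AD_REASON_OFFSET = 1000

# TLS alert descriptions (RFC 5246, section 7.2), certificate-related subset.
ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

LINE_RE = re.compile(
    r"TLS error on connection from (?P<host>\S+)\s+\[(?P<ip>[^\]]+)\]"
    r".*?error:(?P<code>[0-9A-Fa-f]{8}):"
)

# The log line from the message above, joined onto one line.
SAMPLE = (
    "TLS error on connection from r209.notifications.natwest.com "
    "[130.248.154.209]:44104 I=[167.235.252.255]:25 (SSL_accept): "
    "error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired"
)

def decode_tls_error(line):
    """Split an Exim 'TLS error' line into peer, OpenSSL fields and alert name."""
    m = LINE_RE.search(" ".join(line.split()))  # tolerate wrapped log lines
    if m is None:
        return None
    code = int(m.group("code"), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    out = {"host": m.group("host"), "ip": m.group("ip"),
           "lib": lib, "func": func, "reason": reason,
           "alert_from_peer": False, "alert": None}
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        # The remote end sent this alert; the local side only read it.
        number = reason - SSL_AD_REASON_OFFSET
        out["alert_from_peer"] = True
        out["alert"] = ALERTS.get(number, "alert_%d" % number)
    return out

if __name__ == "__main__":
    print(decode_tls_error(SAMPLE))
```

The alert says which side reported the problem, not which certificate in the chain it objected to, so a packet capture is still what shows the certificates actually exchanged.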
