On Thu, Jul 13, 2023 at 10:30:06PM +0300, Evgeniy Berdnikov via Exim-users wrote:
> On Thu, Jul 13, 2023 at 11:11:31AM -0400, Viktor Dukhovni via Exim-users wrote:
> > Perhaps the OpenSSL library could change the message to be:
> >
> > "TLS fatal alert from <peer|client|server>: bad certificate"
>
> Does TLS/SSL protocol provide enough information to conclude that alert
> should be interpreted as "bad certificate" message from other side?

Yes.

https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.2

> Does it provide any granularity on this badness, such as time window,
> signature, algorithms and so on?

No.

> As far as I understand from reading traffic captures, there are no text
> fields in TLS/SSL alert messages. It looks like severe design flaw
> of this protocol, leading to problems in diagnostic on both sides.

Alerts carry just an alert level and number.

https://datatracker.ietf.org/doc/html/rfc8446#section-6

--
Viktor.
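
The two-byte alert body referred to in the reply above (RFC 8446 section 6), as an added example that is not part of the original message: a parser for a plaintext TLS alert record. The sample record bytes are constructed, the function name is hypothetical, and the lookup tables hold only a subset of the RFC 8446 appendix B.2 values.

```python
import struct

# Subset of AlertDescription values from RFC 8446 appendix B.2.
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 50: "decode_error", 51: "decrypt_error",
    70: "protocol_version", 80: "internal_error",
    116: "certificate_required",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPE_ALERT = 21


def parse_alert_record(record: bytes):
    """Decode one plaintext TLS alert record into (level, description).

    Returns None when the record is not a plaintext alert: a different
    content type, or a body that is not exactly two bytes (an encrypted
    alert). Raises ValueError when the record is truncated.
    """
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    # Record header: content type (1), legacy version (2), length (2).
    content_type, _version, length = struct.unpack("!BHH", record[:5])
    fragment = record[5:5 + length]
    if len(fragment) != length:
        raise ValueError("truncated TLS record fragment")
    if content_type != CONTENT_TYPE_ALERT or length != 2:
        return None
    # The whole alert is two bytes: level and description. No text field.
    level, description = fragment
    return (ALERT_LEVELS.get(level, f"unknown({level})"),
            ALERT_DESCRIPTIONS.get(description, f"unknown({description})"))


# Constructed sample: alert record, version 0x0303, length 2, fatal(2), 42.
SAMPLE_RECORD = bytes.fromhex("1503030002022a")

if __name__ == "__main__":
    print(parse_alert_record(SAMPLE_RECORD))
```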