On 2026/01/27 7:15 AM, Stefan Langeder via Exim-users wrote:
It seems the problem is that we use an ACL with the condition
“verify=certificate” and that the certificate used by the sender is missing the
certificate extension “Client Authentication (1.3.6.1.5.5.7.3.2)” .
My question is: Is there any way to configure exim to ignore that the
certificate extension is missing?
There's nothing specific for permitting a cert that lack the status of "usable
for
client authentication" to be used for exactly that, no.
You could make the entire verification optional (main-config option
tls_try_verify_hosts),
and (preferably) add in some specific checks on connections from those hosts
e.g. in your
acl_smtp_mail ACL.
--
Cheers,
Jeremy
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at https://www.exim.org/
## Please use the Wiki with this list - https://code.exim.org/exim/wiki/wiki
