OK, I've read the FAQ and I don't think this is quite the situation described in the FAQ.
The relevant configuration

bash-2.05a$ grep '^tls_' /path/to/exim.cfg
tls_advertise_hosts = *
tls_try_verify_hosts = *
tls_verify_certificates = /path/to/cacert.pem
tls_certificate = /path/to/host.crt
tls_privatekey = /path/to/host.key
bash-2.05a$ ls -l /path/to/cacert.pem
-rwxr-xr-x 1 root exim 0 Nov 24 2005 /path/to/cacert.pem
bash-2.05a$

The cacert.pem is definitely readable by the Exim user, but it's empty, so nothing is going to match. As I understand it, if nothing matches, the connection should continue, encrypted, but not verified.

What we actually see is

12/12/2006 09:10:34 Router: No messages transferred to MAIL.EXAMPLE.NET (host mail1.EXAMPLE.NET) via SMTP: SSL bad peer certificate. Connection refused

and in the exim log we see

2006-12-12 09:10:14 TLS error on connection from (tlsmail02.example.com) [123.111.100.123] (SSL_accept): error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)

As I read the docs, if it doesn't accept the certificate it should continue anyway. In this instance it doesn't seem to do that. Is that because it's a deeper problem than a rejected certificate, or am I misreading the docs?

Neil Youngman
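An added example, not part of the original post: a small decoder for the OpenSSL error string in the Exim log line quoted above. It assumes the error-code layout used by OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason) and libssl's convention that reasons of 1000 and above are 1000 plus the description number of a TLS alert received from the peer; the function name and the second log line are constructed for illustration.

```python
import re

# Assumption: pre-3.0 OpenSSL packing, code = lib(8) | func(12) | reason(12).
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # libssl reason = 1000 + received alert description

# TLS alert descriptions (RFC 5246, section 7.2)
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
    90: "user_canceled", 100: "no_renegotiation",
}

# Matches "error:<8 hex digits>:<library>:<function>:<reason text>"
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.+)$")

def decode_openssl_error(line):
    """Return the unpacked fields of the OpenSSL error in a log line, or None."""
    m = ERR_RE.search(line.strip())
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    info = {"lib": lib, "func": func, "reason": reason,
            "lib_name": m.group(2), "func_name": m.group(3), "alert": None}
    # In libssl, a reason at or above the offset records an alert from the peer.
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        num = reason - SSL_AD_REASON_OFFSET
        info["alert"] = (num, TLS_ALERTS.get(num, "unknown"))
    return info

# First line: from the post. Second line: constructed sample for comparison.
SAMPLE_LOG = [
    "2006-12-12 09:10:14 TLS error on connection from (tlsmail02.example.com) "
    "[123.111.100.123] (SSL_accept): "
    "error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)",
    "2006-12-12 09:11:02 TLS error on connection from (client.example.org) "
    "[192.0.2.10] (SSL_accept): "
    "error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(decode_openssl_error(entry))
```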
