It appears the cert does have a SAN entry. (34.160.13.42 is an IP for
smtp.mailgun.org.)
$ openssl s_client -starttls smtp -connect 34.160.13.42:587 2>/dev/null
| openssl x509 -noout -text
X509v3 Subject Alternative Name:
DNS:*.mailgun.org, DNS:mailgun.org
I'm running Exim version 4.95 (in a Alpine Linux v3.16 container.)
Here's a few surrounding log lines:
SSL_connect: SSLv3/TLS read server hello
SSL_connect: TLSv1.3 read encrypted extensions
SSL verify ok: depth=2 SN=/C=US/O=DigiCert Inc/OU=
www.digicert.com/CN=DigiCert Global Root G2
SSL verify ok: depth=1 SN=/C=US/O=DigiCert Inc/CN=DigiCert Global G2
TLS RSA SHA256 2020 CA1
LOG: MAIN
[34.160.13.42] SSL verify error: certificate name mismatch:
DN="/C=US/ST=Texas/L=San Antonio/O=MAILGUN TECHNOLOGIES, INC/CN=*.
mailgun.org" H="smtp.mailgun.com"
SSL verify name failure overridden (host in tls_try_verify_hosts)
SSL verify ok: depth=0 SN=/C=US/ST=Texas/L=San Antonio/O=MAILGUN
TECHNOLOGIES, INC/CN=*.mailgun.org
SSL_connect: SSLv3/TLS read server certificate
SSL_connect: TLSv1.3 read server certificate verify
I have a layman's understanding of SSL certs so apologies for any naivety :)
Thanks!
Lance
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
