When my Sendmail server starts STARTTLS in client mode, it verifies TWO certificates:
Code:
Sep 12 18:04:15 bricktop sm-mta[10119]: NOQUEUE: connect from X
Sep 12 18:04:15 bricktop sm-mta[10119]: AUTH: available mech=NTLM, allowed mech=NTLM
Sep 12 18:04:15 bricktop sm-mta[10119]: o8CG4FJT010119: Milter: no active filter
Sep 12 18:04:15 bricktop sm-mta[10119]: STARTTLS: x509 cert verify: depth=0 /C=XX/ST=XXXXXX/L=XXXXXXXXX/O=XXXXXXXXXXXXXXXXX/CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/emailAddress=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX, state=X, reason=XXXXXXXXXXXXXXX
Sep 12 18:04:15 bricktop sm-mta[10119]: STARTTLS: TLS cert verify: depth=0 /C=XX/ST=XXXXXX/L=XXXXXXXXX/O=XXXXXXXXXXXXXXXXX/CN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/emailAddress=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX, state=X, reason=XXXXXXXXXXXXXXX
Sep 12 18:04:15 bricktop sm-mta[10119]: STARTTLS=server, get_verify: 12 get_peer: 0x82e66f0
This is in client mode when in contact with other servers. Both certs contain the same information, and when trying things out with my own server, depending on what cert I use, sometimes just one entry for "TLS cert" occurs and sometimes two entries as above occur.
All I know is that I have the "normal" setup with the server having one server cert and one server key and depending on which I use, Sendmail, as a client, sees one or two certs.
Are there actually two different certs, or is it just the same cert but, when formatted in a certain way, two entries show up as above whereas otherwise just one entry shows up? (What's a TLS cert anyway? All of them are X509 certs, right?)