Initially, my exim TLS certificate configuration was as follows:
tls_certificate = ${if exists{/etc/exim4/ssl/${tls_sni}.crt}{/etc/exim4/ssl/${tls_sni}.crt}{/etc/exim4/ssl/exim.crt}}
tls_privatekey = ${if exists{/etc/exim4/ssl/${tls_sni}.key}{/etc/exim4/ssl/${tls_sni}.key}{/etc/exim4/ssl/exim.key}}
And it worked.
I am trying to create a nested condition:
tls_certificate = ${if exists{/etc/exim4/ipssl/${received_ip_address}.crt}{/etc/exim4/ipssl/${received_ip_address}.crt}{${if exists{/etc/exim4/ssl/${tls_sni}.crt}{/etc/exim4/ssl/${tls_sni}.crt}{/etc/exim4/ssl/exim.crt}}}
tls_privatekey = ${if exists{/etc/exim4/ipssl/${received_ip_address}.key}{/etc/exim4/ipssl/${received_ip_address}.key}{${if exists{/etc/exim4/ssl/${tls_sni}.key}{/etc/exim4/ssl/${tls_sni}.key}{/etc/exim4/ssl/exim.key}}}
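This configuration passes the syntax test (exim -bV), but the server closes the TCP connection immediately after any client connects and logs the following message in the paniclog: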
2017-08-01 07:14:56 expansion of tls_certificate failed: missing or misplaced { or }
I thought I couldn't use nested if conditions, but then I found this in the default exim configuration:
REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
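Why don't nested conditions work for me? Is there a way to build a similar condition for the TLS certificate?
Answer 1
I think you are missing a closing brace. Tip: when testing, try writing the condition like this so that problems of this kind are easier to debug: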
${
  if exists{/etc/exim4/ipssl/${received_ip_address}.crt} {
    /etc/exim4/ipssl/${received_ip_address}.crt
  } {
    ${
      if exists{/etc/exim4/ssl/${tls_sni}.crt} {
        /etc/exim4/ssl/${tls_sni}.crt
      } {
        /etc/exim4/ssl/exim.crt
      }
    }
  }
} <--
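
The brace count the answer does by hand can be automated before a config reload. The following is an added example, not part of the original question or answer: a small brace-balance checker run over the two nested settings from the question. The function names are hypothetical, and it assumes simple `name = value` lines and only backslash escapes, not Exim's full expansion grammar.

```python
# Added example: brace-balance check for Exim expansion strings.
# Assumption: only backslash escapes are honoured; this is not a full
# parser for Exim's expansion language.

def check_braces(expansion):
    """Return [(offset, problem)] for unbalanced braces; [] when balanced."""
    problems, stack, i = [], [], 0   # stack holds offsets of open '{'
    while i < len(expansion):
        ch = expansion[i]
        if ch == "\\":               # skip the escaped character
            i += 2
            continue
        if ch == "{":
            stack.append(i)
        elif ch == "}":
            if stack:
                stack.pop()
            else:
                problems.append((i, "unmatched }"))
        i += 1
    problems.extend((off, "unclosed {") for off in stack)
    return problems

def check_config(text):
    """Check every 'name = value' line; offsets are relative to the value."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            result[name.strip()] = check_braces(value.strip())
    return result

# The nested expression from the question, with EXT standing for crt/key.
TEMPLATE = ("${if exists{/etc/exim4/ipssl/${received_ip_address}.EXT}"
            "{/etc/exim4/ipssl/${received_ip_address}.EXT}"
            "{${if exists{/etc/exim4/ssl/${tls_sni}.EXT}"
            "{/etc/exim4/ssl/${tls_sni}.EXT}{/etc/exim4/ssl/exim.EXT}}}")
PAGE_CONFIG = ("tls_certificate = " + TEMPLATE.replace("EXT", "crt") + "\n"
               "tls_privatekey = " + TEMPLATE.replace("EXT", "key") + "\n")
# Same settings with the closing brace the answer points at appended.
FIXED_CONFIG = "\n".join(l + "}" for l in PAGE_CONFIG.splitlines())

if __name__ == "__main__":
    for name, probs in check_config(PAGE_CONFIG).items():
        print(name, probs or "balanced")
```

Offset 1 in the report is the `{` of the outermost `${`, which is the brace left open in both settings.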