Re: [Exim] tls_verify_certificate

Author: Philip Hazel
Date:  
To: Micropterus Salmoides
CC: exim-users
Subject: Re: [Exim] tls_verify_certificate
On Tue, 11 Sep 2001, Micropterus Salmoides wrote:

> Other than Mr. Hazel, who apparently will not share his configuration files
> that purportedly work with the subject statement, has anyone successfully
> made tls_verify_certificate work with an Outlook Express or Netscape client?


1. I have not made tls_verify_certificate work with Outlook Express or
Netscape. Nor have I failed. I just haven't tried. I have no access to
Outlook Express because I don't use MS operating systems since my work
is all Unix-based.

2. I have not refused to share my configuration files because I don't
have any to share! At least not for those two clients.

3. I have made tls_verify_certificate work between a client and a server
Exim. To show you I have nothing to hide, this is what I had in the main
part of the configuration:

tls_verify_hosts = *
tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux/cert2}fail}
tls_log_peerdn

and this is what I had in the transport:

send_to_server:
  driver = smtp
  hosts = ::::1 : 127.0.0.1
  port = 1225
  allow_localhost
  tls_certificate = DIR/aux/cert2
  tls_privatekey = DIR/aux/cert2
  tls_verify_ciphers = IDEA-CBC-MD5 \
    ${if eq{$host_address}{127.0.0.1}{:DES-CBC3-SHA}}


The macro DIR points to a specific directory; the macro SERVER is set to
"server" for the server Exim, and unset for the client Exim. (This is
part of my test suite for Exim.)

4. Oh, and by the way, it's "Dr Hazel" if you want to get formal.

5. I hope I haven't just responded to a troll.

Philip

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
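
Added example, not part of the original message and not Exim code: a shell sketch of the trust arrangement the configuration above implies, where one file serves as the client's certificate, its private key, and the server's list of acceptable certificates. It assumes the openssl command-line tool is installed and that cert2 is a self-signed certificate stored with its key in one PEM file; the certificates, subject names and function names below are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway certificates constructed here, not the author's cert2.

# Write a self-signed certificate and its private key into one PEM file,
# the layout implied by tls_certificate and tls_privatekey naming the same file.
make_combined_pem() {   # $1 = output file, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1 || return 1
    cat "$1.crt" "$1.key" > "$1" && rm -f "$1.key" "$1.crt"
}

# Succeeds only if the certificate in $2 chains to a certificate in $1,
# the kind of check a server makes against its tls_verify_certificates file.
chains_to() {           # $1 = trust file, $2 = file holding the peer certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_combined_pem "$dir/cert2" "exim-test.example" || { rm -rf "$dir"; return 1; }
    make_combined_pem "$dir/other" "stranger.example" || { rm -rf "$dir"; return 1; }
    # The peer holding cert2 is accepted because cert2 is its own trust anchor.
    chains_to "$dir/cert2" "$dir/cert2" && echo "cert2 against cert2: accepted"
    # A different self-signed certificate does not chain to cert2.
    chains_to "$dir/cert2" "$dir/other" || echo "other against cert2: rejected"
    rm -rf "$dir"
}

demo
```

Because the trust file and the identity file are the same here, every host that can read it can present itself as the trusted peer, which suits a test suite; outside one, the verifying side would normally hold only the certificate, without the key.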