On Tue, 11 Sep 2001, Micropterus Salmoides wrote:
> Other than Mr. Hazel, who apparently will not share his configuration files
> that purportedly work with the subject statement, has anyone successfully
> made tls_verify_certificate work with an Outlook Express or Netscape client?

1. I have not made tls_verify_certificate work with Outlook Express or
   Netscape. Nor have I failed. I just haven't tried. I have no access to
   Outlook Express because I don't use MS operating systems since my work
   is all Unix-based.

2. I have not refused to share my configuration files because I don't
   have any to share! At least not for those two clients.

3. I have made tls_verify_certificate work between a client and a server
   Exim. To show you I have nothing to hide, this is what I had in the main
   part of the configuration:

     tls_verify_hosts = *
     tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux/cert2}fail}
     tls_log_peerdn

   and this is what I had in the transport:

     send_to_server:
       driver = smtp
       hosts = ::::1 : 127.0.0.1
       port = 1225
       allow_localhost
       tls_certificate = DIR/aux/cert2
       tls_privatekey = DIR/aux/cert2
       tls_verify_ciphers = IDEA-CBC-MD5 \
         ${if eq{$host_address}{127.0.0.1}{:DES-CBC3-SHA}}

   The macro DIR points to a specific directory; the macro SERVER is set to
   "server" for the server Exim, and unset for the client Exim. (This is
   part of my test suite for Exim.)

4. Oh, and by the way, it's "Dr Hazel" if you want to get formal.

5. I hope I haven't just responded to a troll.

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???                Cambridge, England. Phone: +44 1223 334714.