Dr. Philip Hazel <ph10@???> wrote:
>1. I have not made tls_verify_certificate work with Outlook Express or
>Netscape. Nor have I failed. I just haven't tried. I have no access to
>Outlook Express because I don't use MS operating systems since my work
>is all Unix-based.

I'm not as concerned about the operating system as I am about the client. A
Unix-based end-user client will demonstrate the functionality I am searching for
just as well as an MS or Apple client would. I reference OE _and_ Netscape
because they are probably the two most available end-user clients covering
most of the popular operating systems. Clearly others are available, too.

>2. I have not refused to share my configuration files because I don't
>have any to share! At least not for those two clients.

Again, the particular client itself is not really the point.

>3. I have made tls_verify_certificate work between a client and a
>server Exim. To show you I have nothing to hide, this is what I had
>in the main part of the configuration:
>
>tls_verify_hosts = *
>tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux/cert2}fail}
>tls_log_peerdn
>
>and this is what I had in the transport:
>
>send_to_server:
> driver = smtp
> hosts = ::::1 : 127.0.0.1
> port = 1225
> allow_localhost
> tls_certificate = DIR/aux/cert2
> tls_privatekey = DIR/aux/cert2
> tls_verify_ciphers = IDEA-CBC-MD5 \
> ${if eq{$host_address}{127.0.0.1}{:DES-CBC3-SHA}}
>
>The macro DIR points to a specific directory; the macro SERVER is set to
>"server" for the server Exim, and unset for the client Exim. (This is
>part of my test suite for Exim.)

Thank you. Now back to my problem - I'm looking to use X.509 certificates in
authenticating (and protecting my roaming users' server from becoming a spam
relay) my users' access to the SMTP service provided by Exim. Using the TLS
functionality, I can require an encrypted session between the server and the
client, but I have been unsuccessful in implementing that one last step that
requires the client to provide a valid certificate back to the server.

Any help from someone that has successfully demonstrated that functionality
with Exim would be greatly appreciated.

>4. Oh, and by the way, it's "Dr Hazel" if you want to get formal.

That title is earned and you should be properly addressed. My apologies.

>5. I hope I haven't just responded to a troll.

Actually, I'm a fish. ;-)

Sal