Re: [PATCH] Re: [Exim] TLS and certificate chains

Page principale
Supprimer ce message
Répondre à ce message
Auteur: John Holman
Date:  
À: exim-users
Sujet: Re: [PATCH] Re: [Exim] TLS and certificate chains
Philip Hazel wrote:
> Thank you for researching that. I will look at your patch in connection
> with Exim 4. It sounds as though this is not something that needs an
> option but can just be installed for everyone. Is that right? If you
> only want one certificate sent, you just put one certification in the
> file. Right?


Yes. I also tried putting the private key into the same file as the
certificates and that seems to work, so the change would be backwards
compatible as far as I can see.

One thing to note is that multiple certificates should be given in the
correct order. In my case, first the server certificate itself, then a
first intermediate certificate to validate the issuer of the server
certificate, then a second intermediate certificate to validate the
issuer of the first intermediate certificate, and finally (optionally)
the root certificate that validates the issuer of the second
intermediate certificate. (The root certificate must already be trusted
by the client for validation to succeed, of course, but if it's not
preinstalled sending the root certificate along with the rest
potentially makes it available for the user to install).

John