Re: [Exim] 2 SSL questions

Author: Matt Bernstein
Date:  
To: Mark Edwards
CC: exim-users
Subject: Re: [Exim] 2 SSL questions
At 14:53 -0700 Mark Edwards wrote:

>> I think you might misunderstand how certificates "and all that" work. The
>> client may offer a certificate, if requested, and the server may verify it
>> if it knows about a CA which has signed it. But, even though I've got it
>> to work, I'm no expert! Try the references the Exim spec points to.
>
>But where does the client get the certificate? As it stands now (without
>the ACL config), the client gets the certificate from my server and uses it.


Er.. that'd be the server certificate, and that's not the same as a
certificate the client might offer.

> Since it is self-signed, I'm the CA.


No.

I suspect you don't want tls_{,try_}verify_hosts at all. It's not needed
if you are relying on SMTP AUTH by the MUA anyway! It's more useful for
MTAs to trust other MTAs.

But if you're curious, read up!
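
Added example, not part of the original message or of the Exim project's own documentation: a main-configuration fragment that separates the server certificate Exim presents from the optional verification of client certificates that tls_verify_hosts and tls_try_verify_hosts control. The file paths, the 192.0.2.25 peer address and the auth_advertise_hosts line are assumptions for illustration; older Exim releases name the cipher variable $tls_cipher, newer ones $tls_in_cipher.

```conf
# Exim main configuration fragment (constructed example).
# Comments must be on their own lines in an Exim configuration file.

# The server certificate: what Exim presents to every client that
# issues STARTTLS. This is the certificate the MUA receives.
# Placeholder paths.
tls_advertise_hosts = *
tls_certificate = /etc/exim/tls/server.crt
tls_privatekey = /etc/exim/tls/server.key

# Case 1: MUAs identify themselves with SMTP AUTH.
# No client certificate is requested, so tls_verify_hosts and
# tls_try_verify_hosts stay unset. AUTH is only advertised once the
# session is encrypted, so credentials never cross the wire in clear.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# Case 2: a peer MTA identifies itself with its own client certificate.
# Exim requests a certificate from the listed host and checks it against
# the CA file below. That CA file is about the peer's certificate, not
# about the server certificate configured above.
# tls_verify_hosts = 192.0.2.25
# tls_verify_certificates = /etc/exim/tls/peer-ca.pem

# tls_try_verify_hosts takes the same kind of host list, but a missing
# or unverifiable client certificate does not abort the TLS session.
# tls_try_verify_hosts = 192.0.2.25
```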