Re: [Exim] 2 SSL questions

Pàgina inicial
Aquest missatge és part del següent fil:
M\l'arbre de fils complet ordenat per data
MMMark Edwards en <-
MMMatt Bernstein en ->
Delete this message
Reply to this message
Autor: Matt Bernstein
Data:  
A: Mark Edwards
CC: exim-users
Assumpte: Re: [Exim] 2 SSL questions
At 14:53 -0700 Mark Edwards wrote:

>> I think you might misunderstand how certificates "and all that" work. The
>> client may offer a certificate, if requested, and the server may verify it
>> if it knows about a CA which has signed it. But, even though I've got it
>> to work, I'm no expert! Try the references the Exim spec points to.
>
>But where does the client get the certificate? As it stands now (without
>the ACL config), the client gets the certificate from my server and uses it.

Er.. that'd be the server certificate, and that's not the same as a
certificate the client might offer.

> Since it is self-signed, I'm the CA.

No.

I suspect you don't want tls_{,try_}verify_hosts at all. It's not needed
if you are relying on SMTP AUTH by the MUA anyway! It's more useful for
MTAs to trust other MTAs.

But if you're curious, read up!



Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [Exim] 2 SSL questionsRe: [Exim] 2 SSL questions->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)