Re: [Exim] 2 SSL questions

Author: Matt Bernstein
Date:  
To: Mark Edwards
CC: exim-users
Subject: Re: [Exim] 2 SSL questions
At 14:53 -0700 Mark Edwards wrote:

>> I think you might misunderstand how certificates "and all that" work. The
>> client may offer a certificate, if requested, and the server may verify it
>> if it knows about a CA which has signed it. But, even though I've got it
>> to work, I'm no expert! Try the references the Exim spec points to.
>
>But where does the client get the certificate? As it stands now (without
>the ACL config), the client gets the certificate from my server and uses it.


Er.. that'd be the server certificate, and that's not the same as a
certificate the client might offer.

> Since it is self-signed, I'm the CA.


No.

I suspect you don't want tls_{,try_}verify_hosts at all. It's not needed
if you are relying on SMTP AUTH by the MUA anyway! It's more useful for
MTAs to trust other MTAs.

But if you're curious, read up!
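
The two cases the reply distinguishes, as an added Exim main-configuration sketch (not part of the original message and not taken from the Exim distribution). The option names are Exim's; the file paths and the peer address 192.0.2.10 are placeholders.

```conf
# Case 1: MUAs submit mail and identify themselves with SMTP AUTH.
# The server presents its own certificate; clients are not asked for one.
tls_advertise_hosts = *
# Placeholder paths for the server's certificate and private key.
tls_certificate = /etc/exim/example-server.crt
tls_privatekey = /etc/exim/example-server.key

# Advertise AUTH only once the session is encrypted, so the MUA's
# credentials are never offered over a cleartext connection.
# (Newer Exim releases name this variable $tls_in_cipher.)
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# Note what is absent: no tls_verify_hosts and no tls_try_verify_hosts.
# The client is authenticated by AUTH, not by a certificate.

# Case 2: a peer MTA is trusted because of the certificate it offers.
# Only in this case does the server request a client certificate and
# check it against CA certificates it has been told to trust.
# Left commented out so that Case 1 is what is active.
# tls_verify_hosts = 192.0.2.10
# tls_verify_certificates = /etc/exim/example-peer-ca.pem
```

Exim only treats `#` as a comment at the start of a line, so the comments sit on their own lines rather than after option values.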