Re: [Exim] 2 SSL questions

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Matt Bernstein
Date:  
À: Matthew Byng-Maddick
CC: exim-users
Sujet: Re: [Exim] 2 SSL questions
At 23:34 +0100 Matthew Byng-Maddick wrote:

>On Sun, Aug 18, 2002 at 10:40:40PM +0100, Matt Bernstein wrote:
>> I think you might misunderstand how certificates "and all that" work. The
>> client may offer a certificate, if requested, and the server may verify it
>> if it knows about a CA which has signed it. But, even though I've got it
>> to work, I'm no expert! Try the references the Exim spec points to.
>
>Unless exim 4's certificate verification calls have changed, it didn't
>deal with CAs directly, just with copies of the certificate. (either in
>a hashed directory or in a single file). (god, openssl is horrid).


Well, I certainly have certificates the Exim server has never seen being
verified by same server. So..

tls_verify_certificates = /etc/exim/DCS_CA_file.pem

..does the trick for us. So I guess that patch went in! (It so happens
that I only started looking at this in detail relatively recently.)