Re: [Exim] 2 SSL questions

Góra strony
Wiadomość jest częścią wątku:
Mpełne drzewo wątku posortowane wg daty
MMatthew Byng-Maddick at <-
M 
Delete this message
Reply to this message
Autor: Matt Bernstein
Data:  
Dla: Matthew Byng-Maddick
CC: exim-users
Temat: Re: [Exim] 2 SSL questions
At 23:34 +0100 Matthew Byng-Maddick wrote:

>On Sun, Aug 18, 2002 at 10:40:40PM +0100, Matt Bernstein wrote:
>> I think you might misunderstand how certificates "and all that" work. The
>> client may offer a certificate, if requested, and the server may verify it
>> if it knows about a CA which has signed it. But, even though I've got it
>> to work, I'm no expert! Try the references the Exim spec points to.
>
>Unless exim 4's certificate verification calls have changed, it didn't
>deal with CAs directly, just with copies of the certificate. (either in
>a hashed directory or in a single file). (god, openssl is horrid).

Well, I certainly have certificates the Exim server has never seen being
verified by same server. So..

tls_verify_certificates = /etc/exim/DCS_CA_file.pem

..does the trick for us. So I guess that patch went in! (It so happens
that I only started looking at this in detail relatively recently.)



Wiadomość została wysłana do następujących list mailowych:
Exim-users
Informacja o liście mailowej | Najbliższe wiadomości		<-Re: [Exim] 2 SSL questions[Exim] amavis / spamassassin - another neat trick....->
Tahini and Hummus and Cumin Development Archives administrowana przez cumin AdminsLurker (wersja 2.3)