Hi,
Have many people used Exim as a TLS-supporting server that uses
certificate-based authentication? It's just that I'm looking at the code and
testing things out, and it seems that Exim doesn't always require a
certificate when I think it should (version 4.10):

SMTP<< STARTTLS
tls_certificate file /etc/exim/araqnid.ddts.net-rsa.crt
tls_privatekey file /etc/exim/araqnid.ddts.net-rsa.key
Initialised TLS
host in tls_verify_hosts? yes (matched "*")
SMTP>> 220 TLS go ahead
Calling SSL_accept
[ .. SSL gumpf here .. ]
SSL_accept was successful
Cipher: TLSv1:DES-CBC3-SHA:168
[ big list of shared ciphers ]
sender_fullhost = localhost [127.0.0.1]
sender_rcvhost = localhost ([127.0.0.1] ident=steve)
set_process_info: 25775 handling incoming TLS connection from localhost [127.0.0.1]
TLS active
Calling SSL_read(80d8818, 80e8bd0, 4096)

... so, no messages from verify_callback() about the various stages of the
chain, which I think there should be. Is this a largely unused tract of code
or am I just setting things up wrong? I have tls_verify_hosts set to "*" as
can be seen, so it ought to be rejecting TLS connections without a proper
certificate aiui.
SRH
--
Steve Haslam Reading, UK araqnid@???
Debian GNU/Linux Maintainer araqnid@???
Your heart has been ruptured and it will never heal
To get another heart you'll have to steal [leæther strip]
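
Added example (not part of the original post and not Exim code): a small Python check that automates the reading of the debug trace above, flagging any STARTTLS session where tls_verify_hosts matched and SSL_accept succeeded with no certificate verification output logged. The marker prefixes assumed for verify_callback() output, and all function and field names, are assumptions of this example; the sample trace is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: the debug trace quoted in the post, shortened.
TRACE = """\
SMTP<< STARTTLS
Initialised TLS
host in tls_verify_hosts? yes (matched "*")
SMTP>> 220 TLS go ahead
Calling SSL_accept
SSL_accept was successful
Cipher: TLSv1:DES-CBC3-SHA:168
TLS active
"""

# Assumption: debug lines written by verify_callback() start with one of these.
VERIFY_MARKERS = ("SSL verify", "SSL authenticated")


def audit_tls_sessions(trace, markers=VERIFY_MARKERS):
    """Return one dict per STARTTLS session found in an Exim debug trace.

    A session is marked 'unverified' when the host matched tls_verify_hosts,
    the handshake completed, and no verification line was logged.
    """
    sessions, cur = [], None
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith("SMTP<< STARTTLS"):
            cur = {"verify_required": False, "handshake_ok": False,
                   "verify_lines": 0, "cipher": None}
            sessions.append(cur)
        elif cur is None:
            continue  # ignore anything before the first STARTTLS
        elif m := re.match(r"host in tls_verify_hosts\? (yes|no)", line):
            cur["verify_required"] = m.group(1) == "yes"
        elif line.startswith(markers):
            cur["verify_lines"] += 1
        elif line == "SSL_accept was successful":
            cur["handshake_ok"] = True
        elif line.startswith("Cipher: "):
            cur["cipher"] = line[len("Cipher: "):]
    for s in sessions:
        s["unverified"] = (s["verify_required"] and s["handshake_ok"]
                           and s["verify_lines"] == 0)
    return sessions


if __name__ == "__main__":
    for n, s in enumerate(audit_tls_sessions(TRACE), 1):
        print(n, "UNVERIFIED" if s["unverified"] else "ok", s["cipher"])
```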