Re: [Exim] tls certificate verification

Pàgina inicial
Delete this message
Reply to this message
Autor: Tony Earnshaw
Data:  
A: Steve Haslam
CC: exim-users
Assumpte: Re: [Exim] tls certificate verification
--
man, 2002-09-09 kl. 19:15 skrev Steve Haslam:

> Have many people used Exim as a TLS-supporting server that uses
> certificate-based authentication? It's just that I'm looking at the code and
> testing things out, and it seems that Exim doesn't always require a
> certificate when I think it should (version 4.10):


Hi Steve!

Well, I do. Almost always.

> SMTP<< STARTTLS
> tls_certificate file /etc/exim/araqnid.ddts.net-rsa.crt
> tls_privatekey file /etc/exim/araqnid.ddts.net-rsa.key
> Initialised TLS
> host in tls_verify_hosts? yes (matched "*")
> SMTP>> 220 TLS go ahead
> Calling SSL_accept


This has got nothing to do wih authentication, simply TLS encryption for
TLS-encrypted smtp.

The TLS used by slapd and the auth routines (e.g AUTH PLAIN, AUTH
CRAM-MD5) does/do any necessary authentication, which is a beast of
quite another spirit and kind (see the AUTH chapter in spec.txt). The
two should not not be confused. Can/should even use completely different
certificates from the ones above.

Best,

Tony

--

Tony Earnshaw

Tha can allway tell a Yorkshireman, but tha canna tell 'im much.

e-post:        tonni@???
www:        http://www.billy.demon.nl
gpg public key:    http://www.billy.demon.nl/tonni.armor


Telefoon:    (+31) (0)172 530428
Mobiel:        (+31) (0)6 51153356


GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981


--
Content-Description: Dette er en digitalt signert meldingsdel

[ signature.asc of type application/pgp-signature deleted ]
--