Re: [Exim] tls certificate verification

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Matt Bernstein
CC: Steve Haslam, exim-users
Subject: Re: [Exim] tls certificate verification
On Tue, 10 Sep 2002, Matt Bernstein wrote:

> At 20:31 +0100 Steve Haslam wrote:
>
> >If you don't set tls_verify_certificates, then client certificates are
> >silently not verified, and tls_verify_hosts (and presumably
> >tls_try_verify_hosts) has no effect. *sigh*


That is a bug, IMO. I have put it on the list to fix. It could be
diagnosed at configuration-reading time by requiring
tls_verify_certificates to be set when tls_[try_]verify_hosts is.

> Ahhh... were you expecting them to be verified internally by OpenSSL?
> Maybe that could be a FAQ.


Certainly, and I'll also make this clearer in the documentation.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.