On Wed, 27 Nov 2002, Leonardo Boselli wrote:
> > tls_verify_certificates and/or tls_try_verify_certificates and
> > appropriate ACL settings.
> It is not completely clear: it says:
> The host matches host_accept_relay, OR The host is authenticated and
> matches host_auth_accept_relay OR The host is using a TLS session and
> matches tls_host_accept_relay
host_accept_relay is an Exim 3 option. My answer applies to Exim 4. I'm
sorry if you said you were using Exim 3 and I didn't notice. Exim 3 was
much less flexible about these kinds of test.
> Does this include: host uses TLS but certificate is invalid, but if it then
> authenticates and AUTH is OK, the session is OK?
The server really does need a valid certificate usually. For the client,
you can make Exim 4 do what you suggest.
> That is, the certificate check is just a flag, or if it fails, no AUTH is done?
You can, in Exim 4, arrange for the server to advertise AUTH only if the
session is encrypted.
> Then [OT] how to feed Eudora with the correct certificate? (I am not a Eudora
> user, but many local users are!)
I know nothing about Eudora or any other PC or Mac software.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
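
A configuration sketch of the Exim 4 arrangement discussed in this message, added here as an example and not taken from the original post or from the Exim distribution. It relays for clients on an encrypted session that either present a verifiable certificate or authenticate, and advertises AUTH only once TLS is active. File paths and the `local_domains` list are constructed placeholders, and an `authenticators` section is assumed to be defined elsewhere.

```conf
# --- main section (constructed example; paths are placeholders) ---
domainlist local_domains = @

tls_advertise_hosts     = *
tls_certificate         = /path/to/server-cert.pem
tls_privatekey          = /path/to/server-key.pem

# CA certificates used to check certificates presented by clients.
tls_verify_certificates = /path/to/ca-bundle.pem

# Request a client certificate from every host, but let the session
# continue when the certificate is missing or does not verify.
tls_try_verify_hosts    = *

# Advertise AUTH only when the session is encrypted: the list is empty
# while $tls_cipher is empty and "*" once TLS has been negotiated.
# (Later Exim 4 releases name this variable $tls_in_cipher.)
auth_advertise_hosts    = ${if eq{$tls_cipher}{}{}{*}}

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail for our own domains is not relaying.
  accept  domains       = +local_domains

  # Relay for a client whose certificate verified against the CA file.
  accept  encrypted     = *
          verify        = certificate

  # Relay for a client whose certificate did not verify (or was absent)
  # but which authenticated successfully inside the TLS session.
  accept  encrypted     = *
          authenticated = *

  deny    message       = relay not permitted
```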