Re: [Exim] tls error and mobile authentication

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Philip Hazel
Date:  
À: Leonardo Boselli
CC: exim-users
Sujet: Re: [Exim] tls error and mobile authentication
On Wed, 27 Nov 2002, Leonardo Boselli wrote:

> > tls_verify_certificates and/or tls_try_verify_certificates and
> > appropriate ACL settings.
> It is not completely clear: it says:
> The host matches host_accept_relay, OR The host is authenticated and
> matches host_auth_accept_relay OR The host is using a TLS session and
> matches tls_host_accept_relay


host_accept_relay is an Exim 3 option. My answer applies to Exim 4. I'm
sorry if you said you were using Exim 3 and I didn't notice. Exim 3 was
much less flexible about these kinds of test.

> Does this include: host use TLS but certificate is invalid, but if then it
> authenthicate and AUTH is OK, the session is OK. ?


The server really does need a valid certificate usually. For the client,
you can make Exim 4 do what you suggest.

> That is, the certificate check is just a flag or if fails, no AUTH is done ?


You can, in Exim 4, arrange for the server to advertise AUTH only if the
session is encrypted.

> then [OT] how to feed Eudora with the correct certificate ? (I am not an audora
> user, but many local user are !)


I know nothing about Eudora or any other PC or Mac software.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.