On Tue, 22 Jul 2003, Lutz Pressler wrote:
> tested with Exim 4.20 to 4.20(5), I'm not able to get $tls_peerdn
> (or the DN of the connecting server) set on incoming TLS connections.
>
> That's even with tls_try_verify_hosts = * and tls_verify_certificates set
> to some dummy entries.
>
> As I read the documentation, the DN of the connecting host's certificate
> should be available in this case, but it's not.

If the client sends a certificate, and Exim does not reject it (which it
shouldn't with tls_try_verify_hosts = *), $tls_peerdn should get set.
I've just looked at the code to verify this.

Are you using OpenSSL or Gnu-TLS?

There are debugging statements that record what is happening with
certificates, so I suggest you run a test with debugging turned on. All
you need is -d-all+tls. This will cut out a lot of other debugging that
is not relevant.

Philip

--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book