On Wed, 23 Jul 2003, Philip Hazel wrote:
> On Tue, 22 Jul 2003, Lutz Pressler wrote:
> > tested with Exim 4.20 to 4.20(5), I'm not able to get $tls_peerdn
> > (or the DN of the connecting server) set on incoming TLS connections.
> >
> > That's even with tls_try_verify_hosts = * and tls_verify_certificates set
> > to some dummy entries.
> >
> > As I read the documentation, the DN of the connecting host's certificate
> > should be available in this case, but it's not.
>
> If the client sends a certificate, [...]
It has turned out that this was the problem. The server side behaves
correctly, but clients have to be prepared to send a client certificate -
and most aren't. For Exim as a client, you have to explicitly point to the
certificate (and key) to use as a client cert by using the
"tls_certificate" option within the smtp transport(s) definition(s).
That's independent of "tls_certificate" in the main section, which is
used for defining the server certificate. Both can point to the same
file though.
Lutz
--
_ | Lutz Pressler | Tel: ++49-551-3700002
|_ |\ | | Service Network GmbH | FAX: ++49-551-3700009
._|ER | \|ET | Bahnhofsallee 1b | mailto:lp@SerNet.DE
Service Network | D-37081 Goettingen | http://www.SerNet.DE/
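The two separate tls_certificate settings described in the thread, written out as an added Exim 4 configuration fragment (not from the original post): the main-section entries define the server certificate and the verification settings Lutz mentions, the smtp transport entries supply the client certificate, and an ACL statement logs $tls_peerdn so an operator can see whether a connecting client actually presented one. All file paths and the host name are placeholders.

```exim
# Main section (server side): certificate offered to connecting clients,
# plus the verification settings discussed in the thread. Paths are placeholders.
tls_advertise_hosts = *
tls_certificate = /etc/exim/certs/mail.example.org.pem
tls_privatekey = /etc/exim/certs/mail.example.org.key
tls_try_verify_hosts = *
tls_verify_certificates = /etc/exim/certs/trusted-cas.pem

# Run this ACL at MAIL FROM so the peer DN is visible in the log.
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # $tls_peerdn is only set when the client sent a certificate; without
  # one the logwrite line is skipped and the session is still accepted.
  warn  encrypted = *
        condition = ${if def:tls_peerdn {yes}{no}}
        logwrite  = TLS client certificate DN: $tls_peerdn
  accept

begin transports

# Transport section (client side): the certificate Exim presents when it
# connects out. This is independent of the main-section tls_certificate,
# though here both point at the same file, as the thread notes is allowed.
remote_smtp:
  driver = smtp
  tls_certificate = /etc/exim/certs/mail.example.org.pem
  tls_privatekey = /etc/exim/certs/mail.example.org.key
```

Without the transport-level tls_certificate, Exim as a client sends no certificate, and the receiving server's $tls_peerdn stays empty exactly as observed in the thread.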