Till Dörges wrote:
> - From what I've found in the documentation, on the web and in the
> mailing-list archives, it seems like this:
>
> o Exim supports server-certificates.
> o Exim supports client-certificates.
> o Exim itself can act as a TLS-client.
Yes, yes and yes.
> o Exim does not support CA-certificates (certificate authority),
> e.g. to verify the client-certificates.
I believe exim DOES support this. The setting tls_verify_certificates is
what makes it possible. The file can contain multiple certs, either of
users or of CAs. For example, you can put a Thawte CA certificate in
there, and any inbound TLS connection presenting a Thawte-signed
certificate is going to be verified.
> You can, however, put multiple certificates in 'tls_certificate'
> so that a client will be able to do the verification.
I think you misunderstand. Go back and (re)read...
http://www.exim.org/exim-html-4.30/doc/html/spec_37.html#CHAP37
> o Exim does not support CRL (certificate revocation lists).
No, I think not.
--
Some days it's just not worth chewing through the restraints...
Mark Foster <mark@???>
http://mark.foster.cc/
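
As an added illustration of the tls_verify_certificates setting discussed in the reply above (not part of the original message and not taken from the Exim documentation), here is an Exim 4 configuration fragment. The file paths are placeholders, and the use of tls_try_verify_hosts and the ACL rule are assumptions about one reasonable policy.

```conf
# --- main configuration section (added example; paths are placeholders) ---

# Offer STARTTLS to every connecting host.
tls_advertise_hosts = *

# This server's own certificate and private key.
tls_certificate = /etc/exim/tls/server.crt
tls_privatekey  = /etc/exim/tls/server.key

# PEM file of certificates that client certificates are checked against.
# Several CA certificates and/or individual client certificates can be
# concatenated into this one file.
tls_verify_certificates = /etc/exim/tls/trusted.pem

# Ask every client for a certificate, but keep the session open when the
# client sends none or verification fails. Listing hosts in
# tls_verify_hosts instead makes a verifiable certificate mandatory and
# aborts the connection otherwise.
tls_try_verify_hosts = *

# --- ACL fragment (assumed to sit in the RCPT ACL) ---

# Accept only when the session is encrypted and the client certificate
# verified against tls_verify_certificates.
accept  encrypted = *
        verify    = certificate
```

Comments sit on their own lines because Exim treats `#` as a comment marker only at the start of a line.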