Re: [Exim] Status of TLS-support?

Author: Mark Foster
Date:  
To: Till Dörges
CC: exim-users
Subject: Re: [Exim] Status of TLS-support?
Till Dörges wrote:
> - From what I've found in the documentation, on the web and in the
> mailing-list archives, it seems like this:
>
> o Exim supports server-certificates.
> o Exim supports client-certificates.
> o Exim itself can act as a TLS-client.

Yes, yes and yes.

>  o  Exim does not support CA-certificates (certificate authority),
>      e.g. to verify the client-certificates.


I believe exim DOES support this. The setting tls_verify_certificates is
what makes it possible. The file can contain multiple certs, either of
users or of CAs. For example, you can put a Thawte CA certificate in
there, and any inbound TLS connection presenting a Thawte-signed
certificate is going to be verified.

>      You can, however, put multiple certificates in 'tls_certificate'
>      so that a client will be able to do the verification.

I think you misunderstand. Go back and (re)read...
http://www.exim.org/exim-html-4.30/doc/html/spec_37.html#CHAP37

> o Exim does not support CRL (certificate revocation lists).

No I think not.

--
Some days it's just not worth chewing through the restraints...
Mark Foster <mark@???> http://mark.foster.cc/
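
The server-side setup discussed in this message, as an added configuration sketch that is not part of the original post or of the Exim distribution. The file paths, the ACL name and the relay policy are assumptions; note that `tls_verify_certificates` only supplies the trust file, and a client certificate is requested only from hosts matched by `tls_verify_hosts` or `tls_try_verify_hosts`.

```exim
# --- main configuration section ---
# Exim does not support trailing comments, so every comment is on its own line.

domainlist local_domains = @

# Offer STARTTLS to every connecting host.
tls_advertise_hosts = *

# Exim's own server certificate and key (placeholder paths).
tls_certificate = /etc/exim/tls/server.crt
tls_privatekey  = /etc/exim/tls/server.key

# PEM file of trusted certificates. It may hold several certificates,
# CA certificates and/or individual peer certificates (placeholder path).
tls_verify_certificates = /etc/exim/tls/trusted.pem

# Request a client certificate, but let the session continue if none is
# presented or verification fails; the ACL below decides what that means.
tls_try_verify_hosts = *

# Stricter variant: the TLS session is refused unless the certificate
# verifies. 192.0.2.0/24 is a documentation range used as a placeholder.
# tls_verify_hosts = 192.0.2.0/24

# Record the peer's certificate DN in the log for later review.
log_selector = +tls_peerdn

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:
  # Relay only for peers on an encrypted session whose certificate
  # verified against tls_verify_certificates.
  accept  encrypted = *
          verify    = certificate

  # Everyone else may deliver to local domains only.
  accept  domains   = +local_domains

  deny    message   = relay not permitted
```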