On Wed, 14 Jan 2004, Mark Foster wrote:
> So given the existing of CRL/OSCP, the trust model in exim seems to fall
> short, since it doesn't (appear to) check for certificate revocation.
Exim does not have a trust model. It relies on OpenSSL or GnuTLS to
handle all the cryptographic stuff, and I would dearly like to keep it
that way. Without reading the documentation, I don't know if either of
those libraries has a "check for revocation" facility. If they do, then
I assume it would be fairly easy to change Exim so that it invokes it,
assuming some invocation is necessary (i.e. the library doesn't do it
automatically). I am not keen on building the code into Exim itself.
> Please add to the wishlist... I could try and come up with some
> code/patches if you would consider it.
I will wishlist a research item to try to find out what the libraries
offer, unless somebody tells me beforehand.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
