--
I was just doing some interopability testing with exim and tls certificates.
It appears that the $tls_certificate_verified is being set to 1 even if the
client certificate is expired. See
http://test.smtp.org/ for more info.
Can anyone confirm?
2004-01-23 09:21:55 SSL verify error: depth=0 error=certificate has expired cert=/C=US/ST=California/L=Emeryville/O=test.smtp.org/CN=test.smtp.org/emailAddress=postmaster@???
2004-01-23 09:21:55 SSL verify error: depth=0 error=certificate has expired cert=/C=US/ST=California/L=Emeryville/O=test.smtp.org/CN=test.smtp.org/emailAddress=postmaster@???
2004-01-23 09:21:55 H=horsey.gshapiro.net (test.smtp.org) [64.105.95.154] Warning: verified peer dn /C=US/ST=California/L=Emeryville/O=test.smtp.org/CN=test.smtp.org/emailAddress=postmaster@???
2004-01-23 09:21:58 1Ak50F-000PIX-Th <= <> H=horsey.gshapiro.net (test.smtp.org) [64.105.95.154] P=esmtp X=TLSv1:AES256-SHA:256 DN="/C=US/ST=California/L=Emeryville/O=test.smtp.org/CN=test.smtp.org/emailAddress=postmaster@???" S=3390 id=200401231721.i0NHLpQr086509@???
--
Some days it's just not worth chewing through the restraints...
Mark Foster <mark@???>
http://mark.foster.cc/
--
[ Content of type application/pgp-signature deleted ]
--