[Exim] Re: Unexpected behaviour with empty tls_verify_certif…

Top Page
Delete this message
Reply to this message
Author: J.H.M. Dassen (Ray)
Date:  
To: Andreas Metzler
CC: 236478, exim-users
Subject: [Exim] Re: Unexpected behaviour with empty tls_verify_certificates file/directory
On Sat, Mar 06, 2004 at 22:59:07 +0100, Andreas Metzler wrote:
> On 2004-03-06 "J.H.M. Dassen (Ray)" <fsmla@???> wrote:
> > Exim's documentation says `tls_verify_certificates' may point to a
> > directory as well - presumably that was written based on the OpenSSL
> > implementation.
>
> Exim's documentation says *very* clearly that using a directory is
> OpenSSL-only.


Only in the tls_verify_certificates entry in the alphabetical list of main
options. There is nothing about this in chapter 37 "Encrypted SMTP
connections using TLS/SSL".

37.3 "Requesting and verifying client certificates" says "These must be
available in a file or directory that is identified by
tls_verify_certificates." and later on talks about "the collection named by
tls_verify_certificates."

37.4 "Configuring an Exim client to use TLS" says "If
tls_verify_certificates is set, it must name a file or directory that
contains a collection of expected certificates."

Ray
--
Javascript is EVIL!
    keyweed