Re: [Exim] using other parties self-signed certificate when …

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: gARetH baBB
Fecha:  
A: exim-users
Asunto: Re: [Exim] using other parties self-signed certificate when delivering to them using TLS
On Mon, 29 Mar 2004, Bernhard Erdmann wrote:

> The file used for tls_verify_certificates contains the CA certificate
> for the hosts where TLS is required when sending mail to them.
>
> I don't know the certificate or the CA certificate of every host I send
> mail to. For certain hosts, TLS is required. The use of TLS should be
> optional for other hosts and not be disturbed by a self-signed
> certificate on the other side.


Precisely, so you expand tls_verify_certificates based on the destination
host - if you want to verify you set tls_verify_certificates to the file
otherwise you leave it unset.

I was thinking of something like:

tls_verify_certificates = ${lookup {$host_address} \
lsearch{/etc/mail/tlsverify.hosts} {/etc/mail/tlsverify.certs} {} }

But tls_verify_certificates seems to be needed to be *unset* for no
verification, and just not blank. Unsure what you do to explicitly unset
something.