Autor: Bernhard Erdmann Data: Dla: gARetH baBB CC: exim-users Temat: Re: [Exim] using other parties self-signed certificate when delivering
to them using TLS
gARetH baBB wrote:
[...] > Precisely, so you expand tls_verify_certificates based on the destination
> host - if you want to verify you set tls_verify_certificates to the file
> otherwise you leave it unset.
>
> I was thinking of something like:
>
> tls_verify_certificates = ${lookup {$host_address} \
> lsearch{/etc/mail/tlsverify.hosts} {/etc/mail/tlsverify.certs} {} }
>
> But tls_verify_certificates seems to be needed to be *unset* for no
> verification, and just not blank. Unsure what you do to explicitly unset
> something.
"fail" instead of "{}" forces the expansion to fail and
tls_verify_certificates to be unset. Here it works: