On Sat, 12 Feb 2005, Bill Hacker wrote:
>
> Might that not provide both a means of storing an already unlocked cert
> (somewhat) more securely

Why do you think it would be more secure? It's still readable by the exim
user.

BTW, my configuration contains:

CERTS = /opt/dist/certs
DB = /opt/exim/etc/db
PARAM = ${lookup {$interface_address} cdb {DB/addrparams.cdb} }
NAME = ${extract {name}{PARAM} {$value} {localhost} }
tls_certificate = CERTS/server/NAME

(On reflection, my earlier suggestion of trying to restrict the
certificate readability to root is not sufficient, because a copy of it
would be available in running copies of Exim, recoverable by any code
running as the exim user.)

Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}