Re: [exim] Uid used to access TLS-certificates

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Philip Hazel
Datum:  
To: Tony Finch
CC: exim-users, Timo Neuvonen
Betreff: Re: [exim] Uid used to access TLS-certificates
On Fri, 11 Feb 2005, Tony Finch wrote:

> No: Exim doesn't read the certificate until the last possible moment, at
> which point it has thrown away all privilege.


Actually, Exim (strictly) doesn't read the certificate at all; it just
passes the name of the file to the OpenSSH or GnuTLS library. It does
this when it initializes the library. The library then chooses when to
read the file. The library is initialized when the client issues
STARTTLS. I suppose it could be initialized earlier, on spec, but that
doesn't sound all that helpful.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book