Re: [exim] Uid used to access TLS-certificates

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Philip Hazel
Date:  
À: Tony Finch
CC: exim-users, Timo Neuvonen
Sujet: Re: [exim] Uid used to access TLS-certificates
On Fri, 11 Feb 2005, Tony Finch wrote:

> No: Exim doesn't read the certificate until the last possible moment, at
> which point it has thrown away all privilege.


Actually, Exim (strictly) doesn't read the certificate at all; it just
passes the name of the file to the OpenSSH or GnuTLS library. It does
this when it initializes the library. The library then chooses when to
read the file. The library is initialized when the client issues
STARTTLS. I suppose it could be initialized earlier, on spec, but that
doesn't sound all that helpful.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book