Re: [exim] Uid used to access TLS-certificates

Inizio della pagina
Delete this message
Reply to this message
Autore: Philip Hazel
Data:  
To: Tony Finch
CC: exim-users, Timo Neuvonen
Oggetto: Re: [exim] Uid used to access TLS-certificates
On Fri, 11 Feb 2005, Tony Finch wrote:

> No: Exim doesn't read the certificate until the last possible moment, at
> which point it has thrown away all privilege.


Actually, Exim (strictly) doesn't read the certificate at all; it just
passes the name of the file to the OpenSSH or GnuTLS library. It does
this when it initializes the library. The library then chooses when to
read the file. The library is initialized when the client issues
STARTTLS. I suppose it could be initialized earlier, on spec, but that
doesn't sound all that helpful.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book