Re: [exim] Uid used to access TLS-certificates

Author: Philip Hazel
Date:  
To: Tony Finch
CC: exim-users, Timo Neuvonen
Subject: Re: [exim] Uid used to access TLS-certificates
On Fri, 11 Feb 2005, Tony Finch wrote:

> No: Exim doesn't read the certificate until the last possible moment, at
> which point it has thrown away all privilege.


Actually, Exim (strictly) doesn't read the certificate at all; it just
passes the name of the file to the OpenSSH or GnuTLS library. It does
this when it initializes the library. The library then chooses when to
read the file. The library is initialized when the client issues
STARTTLS. I suppose it could be initialized earlier, on spec, but that
doesn't sound all that helpful.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
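
Since the thread says the TLS library opens the certificate file at STARTTLS time, after privilege has been dropped, an administrator may want to confirm that the unprivileged uid can actually reach the file. The following is an added example, not part of the original message and not Exim code; the function names are hypothetical and it assumes classic Unix mode bits only (no ACLs, capabilities or MAC policy).

```python
import os
import pwd
import stat
import sys

def _allowed(st, uid, gids, want):
    # The kernel consults exactly one permission class: owner, else group, else other.
    if st.st_uid == uid:
        r, x = stat.S_IRUSR, stat.S_IXUSR
    elif st.st_gid in gids:
        r, x = stat.S_IRGRP, stat.S_IXGRP
    else:
        r, x = stat.S_IROTH, stat.S_IXOTH
    return bool(st.st_mode & (r if want == "r" else x))

def can_read_as(path, uid, gids):
    """Return (ok, reason): could a process with this uid/gids open path for reading?"""
    if uid == 0:
        return True, "root bypasses mode bits"
    path = os.path.realpath(path)
    # Collect the file and every ancestor directory up to the filesystem root.
    chain, cur = [], path
    while True:
        chain.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    # Walk from the root down: directories need search (x), the file needs read (r).
    for p in reversed(chain):
        want = "r" if p == path else "x"
        if not _allowed(os.stat(p), uid, gids, want):
            return False, f"{p}: no '{want}' permission for uid {uid}"
    return True, "readable"

if __name__ == "__main__":
    # Usage: script.py <certificate-or-key-file> <runtime-user-name>
    user = pwd.getpwnam(sys.argv[2])
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    ok, reason = can_read_as(sys.argv[1], user.pw_uid, groups)
    print(("OK: " if ok else "FAIL: ") + reason)
    sys.exit(0 if ok else 1)
```

A failure names the first path component that blocks access, which is often a parent directory rather than the file itself.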