[exim] undocumented feature ?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: David Saez Padros
Datum:  
To: EXIM mailing list
Betreff: [exim] undocumented feature ?
Hi !!

Documentation on TLS on chapter 38.7 says "The contents of the
certificate are verified by comparing it with a list of expected
certificates. These must be available in a file or, for OpenSSL only
not GnuTLS), a directory, identified by tls_verify_certificates."
but when playing with TLS having tls_try_verify_hosts = * i noticed
that some hosts which certificates where not on my
tls_verify_certificates produced a positive certificate verification
($tls_peerdn set and $tls_certificate_verified set to 1). I supose that
this also happens with certificates that openssl itself can verificate
probably because it has it's own list of CA's installed elsewhere.

--
Best regards ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       e-mail  david@???
    Pintor Vayreda 1                 telf    +34 902 50 29 75
    08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------