[exim] Getting Exim to Verify Remote Server's Certificate's …

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andri
Date:  
À: exim-users
Sujet: [exim] Getting Exim to Verify Remote Server's Certificate's CN and TLS Patches
Hey,

I've been unsuccessful at getting Exim to verify the remote server's
certificate correctly and searches have lead me to an old[1] patch[2]
that seems the answer to these issues. Considering Exim's progress, the
patches probably require a decent overview in addition to just making
them patchable.

[1]
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20020909/msg00092.html
[2]
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20020916/043849.html)

The only built-in way I've found is tls_verify_certificates under a
transport, but that won't notice not-matching common names, and putting
a specific server's cert there just makes Exim fail with unverified cert
errors. Though the Root CA + CN approach seems more manageable.

Has anyone updated the patches or knows an alternative way of verifying
CN's?


Thank you in advance!

Andri