Author: Marc Sherman
Date:
To: exim-users
Subject: Re: [exim] Exim accepting any signed cert as verified even when not listed in tls_verify_certificates?

exim-users@??? wrote:
>
> How things work in exim with gnutls you have to find out yourself. But
> once you know the theory, things are easier to understand. From what you
> told us so far, the combination of exim and gnutls seems to not allow
> you to configure a client certificate as trusted. The rest is as expected.

From Leon's original posting, it sounds like he already understands the
theory well enough -- the issue is that the process you suggest isn't
what's documented.

Having said that, the apparent implementation does seem sane WRT PKI
theory, and everything we want to do (such as trusting only a subset of
certs signed by the trusted roots) can be done with a combination of
this implementation and ACL conditions, so this sounds like it's just a
bug in the docs, probably. Philip?
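
The combination described in this message, as an added configuration sketch that is not from the thread or from the Exim documentation: `tls_verify_certificates` holds only the trusted roots, and an ACL condition narrows trust to one specific client certificate. The file paths, the ACL name and the distinguished name are constructed placeholders, and `$tls_peerdn` is the variable name used by Exim releases of this thread's era.

```exim
# --- main configuration section ---
# Exim comments must be on their own line; a trailing "#" would
# become part of the option value.

tls_advertise_hosts = *

# Placeholder paths for the server's own key pair.
tls_certificate = /etc/exim/server.crt
tls_privatekey = /etc/exim/server.key

# Trusted roots only. Any client certificate that chains to one of
# these is reported as verified, which is the behaviour discussed
# in this thread.
tls_verify_certificates = /etc/exim/trusted-roots.pem

# Request a client certificate but do not reject the TLS session
# when none is offered; the ACL below makes the trust decision.
tls_try_verify_hosts = *

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Relay only for a client whose certificate both verified against
  # the trusted roots AND carries the expected subject DN.
  # The DN below is a constructed example. The DN string format
  # depends on the TLS library Exim was built with, so copy the
  # exact value your build logs for the peer.
  accept  verify    = certificate
          condition = ${if eq{$tls_peerdn}{CN=relay1.example.org,O=Example Org}{yes}{no}}

  # Verified by the roots but not on the allowed list: treat like
  # any other unauthenticated client (local domains only).
  accept  domains   = +local_domains

  deny    message   = relay not permitted
```

The `+local_domains` list is assumed to be defined elsewhere in the configuration, as in Exim's default configuration file.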