Re: [exim] Exim accepting any signed cert as verified even w…

Top Page
Delete this message
Reply to this message
Author: exim-users
Date:  
To: exim-users
Subject: Re: [exim] Exim accepting any signed cert as verified even when not listed in tls_verify_certificates?
Hi Marc,

Marc Sherman schrieb:
> exim-users@??? wrote:
>> How things work in exim with gnutls you have to find out yourself. But
>> once you know the theory, things are easier to understand. From what you
>> told us so far, the combination of exim and gnutls seems to not allow
>> you to configure a client certificate as trusted. The rest is as expected.
>
> From Leon's original posting, it sounds like he already understands the
> theory well enough -- the issue is that the process you suggest isn't
> what's documented.


I didn't suggest any process. I described how PKI works, so we share a
common foundation, on which we can build up our reasoning.

> Having said that, the apparent implementation does seem sane WRT PKI
> theory,


If I can't delegate trust to a single client certificate, but have to
delegate trust to a ca and use an PKI-external mechanism, ie. exim's
ACLs to restrict that trust again, I wouldn't call that sane...but we
have to live with the limitations of the crypto libraries used.

and everything we want to do (such as trusting only a subset of
> certs signed by the trusted roots) can be done with a combination of
> this implementation and ACL conditions,


As always, there are many ways to Rome :)

Of course, if the underlying crypto libraries don't allow to delegate
trust to non-root ca certificates, this discussion is academic and it
should be noted in the specs that verification fails if the certificate
chain can't be build up to a root ca certificate that is configured via
the tls_verify_certificates option.

From looking at the openssl docs, this seems to be the case indeed:
"Firstly a certificate chain is built up starting from the supplied
certificate and ending in the root CA. It is an error if the whole chain
cannot be built up." Please note, that this is not required by PKI
(unless you check for certificate revocation) nor by TLS.

Additionally to a successful cryptographic verification process, one
must always check that the certificate indeed belongs to the host
presenting it, ie. the host's name (or ip address) should be stated in
the certificate, either in its Subject field or in an
SubjectAlternativeName extension field. Looking at the exim spec, it
seems, $tls_peerdn unfortunately gives access only to the certificate's
Subject field.


Patrick Eisenacher