Re: [exim] Exim accepting any signed cert as verified even w…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Leon Verrall
Datum:  
To: exim-users
Betreff: Re: [exim] Exim accepting any signed cert as verified even when not listed in tls_verify_certificates?
Marc Sherman wrote:

> Having said that, the apparent implementation does seem sane WRT PKI
> theory, and everything we want to do (such as trusting only a subset of
> certs signed by the trusted roots) can be done with a combination of
> this implementation and ACL conditions, so this sounds like it's just a
> bug in the docs, probably. Philip?


That's always a possibility. Either there's a bug in the implementation
or a bug in the docs. Either way it's worth noting I guess, given that
the case of a certificate file that contains just the peer certificate,
without it's associated root CA, seems to fail.

Cheers,

Leon