Re: [exim] Exim accepting any signed cert as verified even w…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Leon Verrall
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [exim] Exim accepting any signed cert as verified even when not listed in tls_verify_certificates?
Marc Sherman wrote:

> Having said that, the apparent implementation does seem sane WRT PKI
> theory, and everything we want to do (such as trusting only a subset of
> certs signed by the trusted roots) can be done with a combination of
> this implementation and ACL conditions, so this sounds like it's just a
> bug in the docs, probably. Philip?


That's always a possibility. Either there's a bug in the implementation
or a bug in the docs. Either way it's worth noting I guess, given that
the case of a certificate file that contains just the peer certificate,
without it's associated root CA, seems to fail.

Cheers,

Leon