Author: Leon Verrall
Date:
To: exim-users
Subject: Re: [exim] Exim accepting any signed cert as verified even when not listed in tls_verify_certificates?

Marc Sherman wrote:
> Having said that, the apparent implementation does seem sane WRT PKI
> theory, and everything we want to do (such as trusting only a subset of
> certs signed by the trusted roots) can be done with a combination of
> this implementation and ACL conditions, so this sounds like it's just a
> bug in the docs, probably. Philip?
That's always a possibility. Either there's a bug in the implementation
or a bug in the docs. Either way it's worth noting I guess, given that
the case of a certificate file that contains just the peer certificate,
without its associated root CA, seems to fail.