[exim-dev] [Bug 674] exim can't verify sha256WithRSAEncrypti…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Tony Finch
Ημερομηνία:  
Προς: exim-dev
Παλιά Θέματα: [exim-dev] [Bug 674] New: exim can't verify sha256WithRSAEncryption signature in X. 509 certificates when linked against OpenSSL
Αντικείμενο: [exim-dev] [Bug 674] exim can't verify sha256WithRSAEncryption signature in X.509 certificates when linked against OpenSSL
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=674




--- Comment #6 from Tony Finch <dot@???> 2008-08-13 12:13:38 ---
On Wed, 13 Aug 2008, Phil Pennock wrote:
>
> I guess the real question is whether or not it's bad to load all digests
> (and/or ciphers) when the Exim option tls_require_ciphers is set and whether or
> not we need a new tls_require_digests option (or if the ciphers option digest
> field stuff is sufficient for cert verification).


That sounds plausible.

> If tls_require_ciphers is a saving throw, then what probably needs to happen is
> that the tls_require_ciphers option should have a reasonable default set,
> instead of being unset by default, and then we add a call to
> OpenSSL_add_all_algorithms().


No, it's not Exim's job to know that kind of detail about TLS.

> Does anyone here have any expertise in this? If not, there are some people I
> can ask for help elsewhere.


That would be helpful.

Tony.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email