Re: [exim-dev] [Bug 786] tls_verify_hosts not verifying X509…

Top Page
Delete this message
Reply to this message
Author: Chris Edwards
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 786] tls_verify_hosts not verifying X509 signed from Outlook 2007
On Tue, 2 Dec 2008, jwexler@??? wrote:

| Outlook appears to send the server certificate that I loaded in Outlook's
| trusted center.


That's very strange.

Normally, a *server* certificate is sent from the server to the client, to
help the client to authenticate the server.

In some situations, the server requires the client to supply a *client*
certifiate, to help the server authenticate the client. This seems to be
what you're after. But as Andreas says, I've no idea if/how you can make
outlook supply a *client* certificate.

However, you mention outlook sending a *server* certificate. This sounds
odd - there is no point in sending a server certificate *to* the server.
Recall that the server certificate is essentially public. Anyone who can
send packets to the server can trivially download it.