[exim] Matching client certificates in ACL

Author: Nikolaus Rath
Date:  
To: exim-users
Subject: [exim] Matching client certificates in ACL
Hello,

I would like to match a number of TLS client certificates in an ACL.
What's the best way to do this?

I came up with

  accept
    verify = certificate
    condition = ${lookup{$tls_peerdn}lsearch{/etc/exim4/relayhosts}{true}{false}}
    control = submission


but this requires me to put really awkward long DN strings into the
relayhosts file. I'd rather just match on something more concise, e.g.
the CN.

Any recommendations?


Thanks,

-Nikolaus

--
»Time flies like an arrow, fruit flies like a Banana.«

PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
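
An added example, not part of the original post: one way to match on the CN alone is Exim's `certextract` expansion item applied to `$tls_in_peercert`, assuming an Exim build that provides both. The CA file path and the one-CN-per-line layout of the relayhosts file are assumptions made for illustration.

```exim
# --- main configuration section ---
# Assumed path. Only certificates chaining to this CA will pass
# "verify = certificate", so keep it to the CA that issues relay
# certificates rather than the system-wide trust store.
tls_verify_certificates = /etc/exim4/relay-ca.pem

# Request a client certificate from every host, but do not drop
# the connection if none is presented or verification fails.
tls_try_verify_hosts = *

# --- ACL (same position as the accept statement in the post) ---
  accept
    # Client certificate was presented and verified against the CA above.
    verify = certificate
    # Extract the CN from the subject DN of the peer certificate and use
    # it as the lsearch key. If the subject carries several CNs the result
    # is a newline-separated list, which matches no single-line key, so
    # the condition fails closed.
    condition = ${lookup{${certextract{subject,CN}{$tls_in_peercert}}}\
                  lsearch{/etc/exim4/relayhosts}{true}{false}}
    control = submission

# --- /etc/exim4/relayhosts (constructed sample, one CN per line) ---
# relay1.example.org
# relay2.example.org
```

Matching on the CN is only as strong as the CA named in `tls_verify_certificates`: any certificate that CA issues with a listed CN is accepted, which is why the trust anchor is narrowed to a dedicated CA here.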