Hello,
I would like to match a number of TLS client certificates in an ACL.
What's the best way to do this?
I came up with
  accept
    verify = certificate
    condition = ${lookup{$tls_peerdn}lsearch{/etc/exim4/relayhosts}{true}{false}}
    control = submission
but this requires me to put really awkward long DN strings into the
relayhosts file. I'd rather just match on something more concise, e.g.
the CN.
Any recommendations?
Thanks,
-Nikolaus
--
»Time flies like an arrow, fruit flies like a Banana.«
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
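
Added example, not part of the original message and not the poster's or the Exim project's own configuration: one way to key the lookup on the certificate's CN instead of the full DN. It assumes an Exim build that provides the certextract expansion item and $tls_in_peercert; the relayhosts entries shown in the comments are constructed.

```exim
# /etc/exim4/relayhosts now holds one CN per line (constructed sample):
#   relay1.example.org
#   relay2.example.org
#
# Assumption: the main configuration already requests a client certificate
# (tls_verify_hosts or tls_try_verify_hosts) and tls_verify_certificates
# points only at the CA that issues the relay certificates. A CN match is
# only as strong as that CA set: any certificate that chains to a trusted
# CA and carries a listed CN passes this ACL.

accept
  encrypted = *
  verify    = certificate
  condition = ${lookup{${certextract{subject,CN}{$tls_in_peercert}}}\
                lsearch{/etc/exim4/relayhosts}{true}{false}}
  control   = submission
```

Because verify = certificate comes before the condition, the lookup is only evaluated for a certificate that already passed chain verification.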