Re: [exim] Matching client certificates in ACL

Góra strony
Delete this message
Reply to this message
Autor: Mike Cardwell
Data:  
Dla: exim-users
Temat: Re: [exim] Matching client certificates in ACL
On 27/12/2010 17:53, Nikolaus Rath wrote:

> I would like to match a number of TLS client certificates in an ACL.
> What's the best way to do this?
>
> I came up with
>
>   accept
>     verify = certificate
>     condition = ${lookup{$tls_peerdn}lsearch{/etc/exim4/relayhosts}{true}{false}}
>     control = submission

>
> but this requires me to put really awkward long DN strings into the
> relayhosts file. I'd rather just match on something more concise, e.g.
> the CN.
>
> Any recommendations?


Pull out the CN from $tls_peerdn using the "sg" string expansion and
search using that value. See,
http://www.exim.org/exim-html-current/doc/html/spec_html/ch11.html

--
Mike Cardwell https://secure.grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F