On 11/01/2011 10:44, David Angleitner wrote:
> I'm looking for a way to verify the fingerprint
> of a remote server's certificate when sending
> mail.
>
> I understand tls_verify_certificates can be used
> to match the certificate. Is there a way to verify
> the fingerprint instead?
>
> What I'm looking for is what can be done in postfix
> with a tls_policy_map like this:
>
> domain.tld fingerprint match=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
I don't think you can use fingerprints. I *think* you need to fetch the
certificate, store it on disk (file or folder depending on OpenSSL or
GnuTLS) and then use the tls_verify_certificates option in the remote
smtp transport. Look up that option on
http://www.exim.org/exim-html-current/doc/html/spec_html/ch39.html
--
Mike Cardwell
https://secure.grepular.com/ https://twitter.com/mickeyc
Professional
http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F