Re: [exim] tls_verify_hostname

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] tls_verify_hostname
On 2012-04-16 21:51, Jeremy Harris wrote:
> Agreed this is an issue. I'd like a string-expansion for testing a peer's cert
> against a specified name (using any of the CN + SAN-set, as it happens).
> Then where the name comes from is a separable policy item.


While I think of it, I'm also thinking of writing an authenticator which
(server-side only) accepts iff a TLS connection is present and the client
has presented a certificate valid for one of a given (as an authenticator
option) list of names.

Does this sound like a valid use-case for certificates?

--
Jeremy