Re: [exim] tls_verify_hostname

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMJeremy Harris at <-
MPhil Pennock at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] tls_verify_hostname
On 2012-04-16 21:51, Jeremy Harris wrote:
> Agreed this is an issue. I'd like a string-expansion for testing a peer's cert
> against a specified name (using any of the CN + SAN-set, as it happens).
> Then where the name comes from is a separable policy item.

While I think of it, I'm also thinking of writing an authenticator which
(server-side only) accepts iff a TLS connection is present and the client
has presented a certificate valid for one of a given (as an authenticator
option) list of names.

Does this sound like a valid use-case for certificates?

--
Jeremy



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] tls_verify_hostnameRe: [exim] smarthost login failing->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)