Autore: Jeremy Harris Data: To: exim-users Oggetto: Re: [exim] tls_verify_hostname
On 2012-04-16 21:51, Jeremy Harris wrote: > Agreed this is an issue. I'd like a string-expansion for testing a peer's cert
> against a specified name (using any of the CN + SAN-set, as it happens).
> Then where the name comes from is a separable policy item.
While I think of it, I'm also thinking of writing an authenticator which
(server-side only) accepts iff a TLS connection is present and the client
has presented a certificate valid for one of a given (as an authenticator
option) list of names.
Does this sound like a valid use-case for certificates?