Συντάκτης: Phil Pennock Ημερομηνία: Προς: Jeremy Harris Υ/ο: exim-users Αντικείμενο: Re: [exim] tls_verify_hostname
On 2012-04-16 at 22:24 +0100, Jeremy Harris wrote: > While I think of it, I'm also thinking of writing an authenticator which
> (server-side only) accepts iff a TLS connection is present and the client
> has presented a certificate valid for one of a given (as an authenticator
> option) list of names.
>
> Does this sound like a valid use-case for certificates?
I think this is normally done with EXTERNAL, so that the client still
requests AUTH within the SASL framework.
I'd have thought it could be accomplished with "plaintext", ignoring
what's sent by the client and just looking at $tls_* variables, but I
might be wrong.