Re: [exim] tls_verify_hostname

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMPhil Pennock at <-
M 
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Jeremy Harris
CC: exim-users
Subject: Re: [exim] tls_verify_hostname
On 2012-04-16 at 22:24 +0100, Jeremy Harris wrote:
> While I think of it, I'm also thinking of writing an authenticator which
> (server-side only) accepts iff a TLS connection is present and the client
> has presented a certificate valid for one of a given (as an authenticator
> option) list of names.
>
> Does this sound like a valid use-case for certificates?

I think this is normally done with EXTERNAL, so that the client still
requests AUTH within the SASL framework.

I'd have thought it could be accomplished with "plaintext", ignoring
what's sent by the client and just looking at $tls_* variables, but I
might be wrong.

-Phil

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] tls_verify_hostname[exim] OT: Daft Question: HELO/EHLO FQDN or FQHN?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)