Re: [exim] tls_verify_hostname

Inizio della pagina
Delete this message
Reply to this message
Autore: Phil Pennock
Data:  
To: Jeremy Harris
CC: exim-users
Oggetto: Re: [exim] tls_verify_hostname
On 2012-04-16 at 22:24 +0100, Jeremy Harris wrote:
> While I think of it, I'm also thinking of writing an authenticator which
> (server-side only) accepts iff a TLS connection is present and the client
> has presented a certificate valid for one of a given (as an authenticator
> option) list of names.
>
> Does this sound like a valid use-case for certificates?


I think this is normally done with EXTERNAL, so that the client still
requests AUTH within the SASL framework.

I'd have thought it could be accomplished with "plaintext", ignoring
what's sent by the client and just looking at $tls_* variables, but I
might be wrong.

-Phil