Author: Phil Pennock Date: To: John Burnham CC: exim-users@exim.org >> \"<exim-users@exim.org>\" Subject: Re: [exim] SNI Support
On 2013-10-10 at 16:17 +0100, John Burnham wrote: > As it says in the docs: > Great care should be taken to deal with matters of case, various injection attacks in the string (../ or SQL), and ensuring that a valid filename can always be referenced; it is important to remember that $tls_sni is arbitrary unverified data provided prior to authentication.
>
> ---
> So you could have
> Tls_privatekey = /etc/exim/keys/${tls_sni}
> Tls_certificate = /etc/exim/certs/${tls_sni}
> Or something fancier with lookups and defaults and all that sort of thing (and that does some sanity checking of the contents of $tls_sni - especially if you're using a SQL based lookup).
Note that the SNI field in TLS is just a text string, so could easily be
"../../../../../etc/passwd".