[exim-dev] [Bug 1457] Provide keyword to set certificate cha…

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1457] Provide keyword to set certificate chain
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1457

Phil Pennock <pdp@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
           Keywords|work:tiny                   |work:large
         Resolution|                            |WONTFIX





--- Comment #1 from Phil Pennock <pdp@???> 2014-04-01 10:07:50 ---
Exim can be built with either OpenSSL or GnuTLS and GnuTLS does not provide an
API function to manage this. If we are willing to sacrifice some GnuTLS
version portability and create more problems for people installing Exim, then
we could manually parse the intermediate and final certificate files and
construct an in-memory list, to provide that, but I don't think we want to go
that route for such a minor feature.

Apache using mod_gnutls instead of mod_ssl has the same constraint. Nginx has
the same constraint.

Instead of managing files deployed to production manually, it is probably a
better approach to look at automation and tooling for your environment, which
can start with something as simple as a Makefile which has a rule to create
"foo.chained.crt" from "foo.crt" and "ca-chain-1.crt", then configure Exim to
use "foo.chained.crt". This gets rid of the manual editing and will let you
declare dependencies between the files.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email