Re: [exim] gnutls tester wanted

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMarcin Mirosław at <-
MViktor Dukhovni at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] gnutls tester wanted
On 22/09/14 14:57, Viktor Dukhovni wrote:
> On Fri, Sep 19, 2014 at 04:11:31PM +0100, Jeremy Harris wrote:
>
>> Mind, I think I see an issue in the openssl implementation;
>> does anyone actually use it? I *think* the only advertised
>> acceptable CAs are those from a file, not from a dir...
>
> Lots of people use CApath with OpenSSL. You need to run c_rehash,
> and be mindful of the fact that the hash symlinks are different
> for OpenSSL 0.9.x vs. 1.0.0 and later. Some versions of c_rehash
> generate both.

I was concerned about exim's usage, not the OpenSSL library per se.

It turns out that both OpenSSL and GnuTLS intentionally violate
the letter of the standard in the relevant area (the list of
acceptable CAs for client certificates that the server sends);
hence the apparent failing of the exim usage is possibly moot
(depending on whether other SSL libraries also ignore the
list as received at the client).
--
Cheers,
Jeremy


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] gnutls tester wantedRe: [exim] gnutls tester wanted->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)