Re: [exim-dev] tls_verify_certificates forced failure vs. em…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Jeremy Harris
Fecha:  
A: exim-dev
Temas nuevos: [exim-dev] Should we always load the default trust store? (was: tls_verify_certificates forced failure vs. empty) string
Asunto: Re: [exim-dev] tls_verify_certificates forced failure vs. empty string
On 25/11/14 07:06, Heiko Schlittermann wrote:
> (Originally I wanted to complain about loading the
> default CAs, but now it's documented at least.)


As you probably also saw, I added in 4.next a way of
saying "just use the system default bundle". I've
not changed the current behaviour with OpenSSL on
loading both the default and the specified CAs though;
do you think there is a need for that?

The OpenSSL and GnuTLS implementations behave differently
in this respect.
--
Cheers,
Jeremy