Re: [exim-dev] tls_verify_certificates forced failure vs. em…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Jeremy Harris
Data:  
Para: exim-dev
Temas novos: [exim-dev] Should we always load the default trust store? (was: tls_verify_certificates forced failure vs. empty) string
Asunto: Re: [exim-dev] tls_verify_certificates forced failure vs. empty string
On 25/11/14 07:06, Heiko Schlittermann wrote:
> (Originally I wanted to complain about loading the
> default CAs, but now it's documented at least.)


As you probably also saw, I added in 4.next a way of
saying "just use the system default bundle". I've
not changed the current behaviour with OpenSSL on
loading both the default and the specified CAs though;
do you think there is a need for that?

The OpenSSL and GnuTLS implementations behave differently
in this respect.
--
Cheers,
Jeremy