[exim] Verifying cert CN/SAN against hostname

Startseite
Diese Nachricht ist Teil des folgenden Threads:
MDer komplette Thread sortiert nach Datum
M 
Jeremy Harris am ->
Nachricht löschen
Nachricht beantworten
Autor: Tristan Schmelcher
Datum:  
To: exim-users
Betreff: [exim] Verifying cert CN/SAN against hostname
Hello,

When using TLS certificate verification on outgoing SMTP, is it
possible to enable verification of the remote server certificate's
Common Name or Subject Alternate Name against the server hostname
configured in the route_list ? It seems that even when
tls_verify_certificates is set there is no verification of the CN/SAN.

I am thinking there may be a way to achieve this verification with
$tls_out_peerdn but it's not clear to me how. Has anyone done this
before? My server requires authentication so I would like to do this
to prevent a MitM attack from stealing my auth credentials.

Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-users
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim] How to be resilient to mysql server unreachable?[exim] Different auth validation fore relay and local domains->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)