[exim] Verifying cert CN/SAN against hostname

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Jeremy Harris at ->
Delete this message
Reply to this message
Author: Tristan Schmelcher
Date:  
To: exim-users
Subject: [exim] Verifying cert CN/SAN against hostname
Hello,

When using TLS certificate verification on outgoing SMTP, is it
possible to enable verification of the remote server certificate's
Common Name or Subject Alternate Name against the server hostname
configured in the route_list ? It seems that even when
tls_verify_certificates is set there is no verification of the CN/SAN.

I am thinking there may be a way to achieve this verification with
$tls_out_peerdn but it's not clear to me how. Has anyone done this
before? My server requires authentication so I would like to do this
to prevent a MitM attack from stealing my auth credentials.

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] How to be resilient to mysql server unreachable?[exim] Different auth validation fore relay and local domains->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)