[exim] Verifying cert CN/SAN against hostname

Author: Tristan Schmelcher
Date:  
To: exim-users
Subject: [exim] Verifying cert CN/SAN against hostname
Hello,

When using TLS certificate verification on outgoing SMTP, is it
possible to enable verification of the remote server certificate's
Common Name or Subject Alternate Name against the server hostname
configured in the route_list? It seems that even when
tls_verify_certificates is set there is no verification of the CN/SAN.

I am thinking there may be a way to achieve this verification with
$tls_out_peerdn but it's not clear to me how. Has anyone done this
before? My server requires authentication so I would like to do this
to prevent a MitM attack from stealing my auth credentials.