[exim] Verifying cert CN/SAN against hostname

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Tristan Schmelcher
日付:  
To: exim-users
題目: [exim] Verifying cert CN/SAN against hostname
Hello,

When using TLS certificate verification on outgoing SMTP, is it
possible to enable verification of the remote server certificate's
Common Name or Subject Alternate Name against the server hostname
configured in the route_list ? It seems that even when
tls_verify_certificates is set there is no verification of the CN/SAN.

I am thinking there may be a way to achieve this verification with
$tls_out_peerdn but it's not clear to me how. Has anyone done this
before? My server requires authentication so I would like to do this
to prevent a MitM attack from stealing my auth credentials.