Re: [exim-dev] tls_in_peerdn for unverified certificate

Author: Jeremy Harris
Date:  
To: exim-dev
New-Topics: Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified certificate
Subject: Re: [exim-dev] tls_in_peerdn for unverified certificate
On 24/12/14 12:07, Roman Rybalko (exim) wrote:
> I'd like to configure a certificate blacklist. I need to have the Subject
> certificate field available for every incoming certificate, even for
> unverified ones.
> Now it is implemented in such a way that $tls_in_peerdn is unavailable when
> the certificate fails to be verified.
>
> Is it possible to make tls_in_peerdn available for unverified
> certificates also? Won't it break something?
> If it is OK, I'll provide a patch.


There's a slight issue: verification can fail at any link on the
certificate chain. It's not certain we'll get as far as
knowing the leaf certificate.
--
Cheers,
Jeremy