On 24/12/14 12:07, Roman Rybalko (exim) wrote:
> I'd like to configure a certificate blacklist. I need to have the Subject
> certificate field available for every incoming certificate, even for
> unverified ones.
> Now it is implemented in such a way that $tls_in_peerdn is unavailable when
> the certificate fails to be verified.
>
> Is it possible to make tls_in_peerdn available for unverified
> certificates also? Won't it break something?
> If it is OK, I'll provide a patch.

There's a slight issue: verification can fail at any link on the
certificate chain. It's not certain we'll get as far as knowing the
leaf certificate.
--
Cheers,
Jeremy