Re: [exim-dev] tls_in_peerdn for unverified certificate

Página Inicial
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Para: exim-dev
Novos Tópicos: Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified certificate
Assunto: Re: [exim-dev] tls_in_peerdn for unverified certificate
On 24/12/14 12:07, Roman Rybalko (exim) wrote:
> I'd like to configure certificate blacklist. I need to have Subject
> certificate field available for every incoming certificate, even for
> unverified.
> Now it is implemented in a way, that $tls_in_peerdn is unavailable when
> the certificate fails to be verified.
>
> Is it possible to make tls_in_peerdn available for unverified
> certificates also? Won't it break something?
> If it is OK, I'll provide a patch.


There's a slight issue: verification can fail at any link on the
certificate chain. It's not certain we'll get as far as
knowing the leaf certificate.
--
Cheers,
Jeremy