Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified …

Author: Roman Rybalko
Date:  
To: exim-dev
Old-Topics: Re: [exim-dev] tls_in_peerdn for unverified certificate
Subject: Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified certificate
On 25.12.2014 23:19, Jeremy Harris wrote:
> There's a slight issue: verification can fail at any link on the
> certificate chain. It's not certain we'll get as far as
> knowing the leaf certificate.

The point is that for the BLACK list the certificate MAY be invalid. For
the white list the certificate definitely should be verified, but for the
black list it does not matter whether the certificate is valid. This is
a policy question.

I need to have $tls_in_peerdn for any certificate to check the black
list. Actually, $tls_in_peercert would be enough for me; I can use the
subject field from it.

Please check my pull request: https://github.com/Exim/exim/pull/24

--
Best regards,
Roman Rybalko
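An added illustration of the policy split Roman describes, written as an Exim ACL fragment (example code, not from the post or from the pull request). It assumes the behaviour the pull request asks for, namely that $tls_in_peerdn is populated for any client certificate that was presented, verified or not, and it assumes two locally maintained lsearch files at hypothetical paths.

```exim
# Added example, not from the pull request. Assumes $tls_in_peerdn is set for
# any presented client certificate, whether or not the chain verified, and that
# the two lsearch files are maintained locally (hypothetical paths).
acl_check_mail:

  # Black list: the subject DN alone is enough, no verification required.
  # A client that fakes a listed DN only denies itself.
  deny    encrypted  = *
          condition  = ${if def:tls_in_peerdn}
          condition  = ${lookup{$tls_in_peerdn}lsearch{/etc/exim/tls_peerdn_blacklist}{yes}{no}}
          message    = client certificate subject is on the local black list

  # White list: privileges are granted only when the chain actually verified;
  # otherwise any client could present a certificate carrying a trusted DN.
  accept  encrypted  = *
          verify     = certificate
          condition  = ${lookup{$tls_in_peerdn}lsearch{/etc/exim/tls_peerdn_whitelist}{yes}{no}}

  # Everything else falls through to the remaining checks.
  accept
```

Because an unverified DN is chosen by the client, the black list only catches sessions that present the listed certificate; it does not stop the same client from presenting a different one, so it complements rather than replaces host-based controls.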