Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified …

Author: Roman Rybalko
Date:
To: exim-dev
Old topics: Re: [exim-dev] tls_in_peerdn for unverified certificate
Subject: Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified certificate
On 25.12.2014 23:19, Jeremy Harris wrote:
> There's a slight issue: verification can fail at any link on the
> certificate chain. It's not certain we'll get as far as
> knowing the leaf certificate.

The point is that for the BLACK list the certificate MAY be invalid. For
the white list the certificate definitely should be verified, but for the
black list it does not matter whether the certificate is valid. This is
a policy question.

I need to have $tls_in_peerdn for any certificate to check the black
list. Actually $tls_in_peercert would be enough for me, I may use the
subject field out of it.

Please, check my pull request: https://github.com/Exim/exim/pull/24

--
Best regards,
Roman Rybalko