Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified …

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Roman Rybalko
Date:  
À: exim-dev
Anciens-sujets: Re: [exim-dev] tls_in_peerdn for unverified certificate
Sujet: Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified certificate
On 25.12.2014 23:19, Jeremy Harris wrote:
> There's a slight issue: verification can fail at any link on the
> certificate chain. It's not certain we'll get as far as
> knowing the leaf certificate.

The point is that for the BLACK list the certificate MAY be invalid. For
white list the certificate definitely should be verified, but for the
black list it does not matter whether the certificate is valid. This is
a policy question.

I need to have $tls_in_peerdn for any certificate to check the black
list. Actually $tls_in_peercert would be enough for me, I may use the
subject field out of it.

Please, check my pull request: https://github.com/Exim/exim/pull/24

--
Best regards,
Roman Rybalko