Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified …

Góra strony
Delete this message
Reply to this message
Autor: Roman Rybalko
Data:  
Dla: exim-dev
Stare tematy: Re: [exim-dev] tls_in_peerdn for unverified certificate
Temat: Re: [exim-dev] tls_in_peerdn/tls_in_peercert for unverified certificate
On 25.12.2014 23:19, Jeremy Harris wrote:
> There's a slight issue: verification can fail at any link on the
> certificate chain. It's not certain we'll get as far as
> knowing the leaf certificate.

The point is that for the BLACK list the certificate MAY be invalid. For
white list the certificate definitely should be verified, but for the
black list it does not matter whether the certificate is valid. This is
a policy question.

I need to have $tls_in_peerdn for any certificate to check the black
list. Actually $tls_in_peercert would be enough for me, I may use the
subject field out of it.

Please, check my pull request: https://github.com/Exim/exim/pull/24

--
Best regards,
Roman Rybalko