Re: [exim] tls_certificate weirdness

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jeremy Harris
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] tls_certificate weirdness
On 23/08/16 20:03, Phillip Carroll wrote:
> The
> fact that "tls_privatekey" must be readable by exim I presume is for
> using STARTTLS for sending messages, although the TLS error message
> about the "tls_privatekey" path occurred on a received message. (I
> questioned the need for access to the private key to receive a message,
> not considering usage in the other direction.)


The Exim code telling the OpenSSL library about the private-key is in
a routine common to both server and client initialisation.

It's a fair point; we might consider making it direction-aware to
reduce the attack surface (even though most installations will be
doing both directions).
--
Cheers,
Jeremy