Hi.
Docs say that $tls_sni has raw data from client:
"Great care should be taken to deal with matters of case, various injection
attacks in the string (../ or SQL), and ensuring that a valid filename can
always be referenced; it is important to remember that $tls_sni is arbitrary
unverified data provided prior to authentication."
What is safest approach to handle $tls_sni when trying
to expand it to file on filesystem?
Rule like:
${if exists{/etc/mail/ssl/${tls_sni}.pem}{/etc/mail/ssl/${tls_sni}.pem}{/etc/mail/default-cert.pem}
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
