Autor: Richard Jones Data: A: Jeremy Harris via Exim-users Assumpte: Re: [exim] Server offering *all* certificates
On Mar 29, Jeremy Harris via Exim-users wrote > You are presumably setting up to request client certs (this is the CAs
> list that you'll be verifying client certs against). The idea is that
> the server tells the client what authorities might be acceptable, so
> that the client can pick among several client certs it might have
> available for presentation.
>
> There's a hint in the docs that you can subvert that by using
> (with OpenSSL or with recent GnuTLS) a directory full of certs
> for tls_verify_certificates.
>
>
> Of course, if you're not planning on using client certs, you don't
> need any of this.
I was hoping to be able to validate them, yes. It just seems overkill to
also offer every root CA installed.
If it's a choice of one cert or all, then clearly this isn't the end of
the world, and thanks!
