Re: [exim] Server offering *all* certificates

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Jeremy Harris at <-
MMJeremy Harris at ->
Delete this message
Reply to this message
Author: Richard Jones
Date:  
To: Jeremy Harris via Exim-users
Subject: Re: [exim] Server offering *all* certificates
On Mar 29, Jeremy Harris via Exim-users wrote
> You are presumably setting up to request client certs (this is the CAs
> list that you'll be verifying client certs against). The idea is that
> the server tells the client what authorities might be acceptable, so
> that the client can pick among several client certs it might have
> available for presentation.
>
> There's a hint in the docs that you can subvert that by using
> (with OpenSSL or with recent GnuTLS) a directory full of certs
> for tls_verify_certificates.
>
>
> Of course, if you're not planning on using client certs, you don't
> need any of this.

I was hoping to be able to validate them, yes. It just seems overkill to
also offer every root CA installed.

If it's a choice of one cert or all, then clearly this isn't the end of
the world, and thanks!

R

--
junix.systems/privacy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Server offering *all* certificatesRe: [exim] Server offering *all* certificates->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)