Re: [exim] Server offering *all* certificates

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Richard Jones
Date:  
À: Jeremy Harris via Exim-users
Sujet: Re: [exim] Server offering *all* certificates
On Mar 29, Jeremy Harris via Exim-users wrote
> You are presumably setting up to request client certs (this is the CAs
> list that you'll be verifying client certs against). The idea is that
> the server tells the client what authorities might be acceptable, so
> that the client can pick among several client certs it might have
> available for presentation.
>
> There's a hint in the docs that you can subvert that by using
> (with OpenSSL or with recent GnuTLS) a directory full of certs
> for tls_verify_certificates.
>
>
> Of course, if you're not planning on using client certs, you don't
> need any of this.


I was hoping to be able to validate them, yes. It just seems overkill to
also offer every root CA installed.

If it's a choice of one cert or all, then clearly this isn't the end of
the world, and thanks!

R

--
junix.systems/privacy