[exim-dev] [Bug 1753] Certificate/key data from string

Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 1753] New: Certificate/key data from string
Subject: [exim-dev] [Bug 1753] Certificate/key data from string
https://bugs.exim.org/show_bug.cgi?id=1753

Yevgeny Kosarzhevsky <phaoost@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |phaoost@???


--- Comment #1 from Yevgeny Kosarzhevsky <phaoost@???> ---
Created attachment 1185
--> https://bugs.exim.org/attachment.cgi?id=1185&action=edit
Read TLS certificates/keys from a string rather than from files

I made the attached patch for the 4.92 version found in the Devuan ascii-backports
repository, which is probably mirrored from Debian stretch-backports.
The patch replaces the current way of reading keys and certificates from files with
providing them inline.

I am now able to look up TLS keys and certificates as follows:

tls_certificate = ${lookup pgsql{SELECT tls_cert FROM domains \
WHERE domain='${quote_pgsql:$tls_in_sni}'}{$value}\
{${lookup pgsql{SELECT tls_cert FROM domains WHERE \
domain='${quote_pgsql:$qualify_domain}'}{$value}fail}}}

tls_privatekey = ${lookup pgsql{SELECT tls_key FROM domains \
WHERE domain='${quote_pgsql:$tls_in_sni}'}{$value}\
{${lookup pgsql{SELECT tls_key FROM domains WHERE \
domain='${quote_pgsql:$qualify_domain}'}{$value}fail}}}

I have tested connectivity and it works as expected.

It can be used as a temporary workaround until the necessary changes
appear in Exim, but only if you don't need to read the TLS key/cert from a file.

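
Added example (not part of the original message or the attached patch): a pre-flight audit of the `domains` table that the lookups above query, flagging rows whose `tls_cert` or `tls_key` string is not a well-formed PEM block of the expected type. It assumes the column names shown in the lookups, uses an in-memory SQLite database as a stand-in for PostgreSQL, and checks structure only; it does not verify that a certificate matches its key.

```python
import base64, re, sqlite3

# PEM armor: -----BEGIN <label>----- base64 body -----END <label>-----
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)
CERT_LABELS = {"CERTIFICATE"}
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def pem_problems(text, allowed):
    """Return structural problems found in a PEM string (empty list = looks sane)."""
    blocks = PEM_RE.findall(text or "")
    if not blocks:
        return ["no PEM block found"]
    problems = []
    for label, body in blocks:
        if label not in allowed:
            problems.append(f"unexpected block type: {label}")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # X.509 certs and private keys are DER SEQUENCEs
            problems.append(f"{label}: payload is not a DER SEQUENCE")
    return problems

def audit_domains(conn):
    """Map domain -> list of problems for every row with a malformed cert or key."""
    report = {}
    for domain, cert, key in conn.execute("SELECT domain, tls_cert, tls_key FROM domains"):
        found = [f"tls_cert: {p}" for p in pem_problems(cert, CERT_LABELS)]
        found += [f"tls_key: {p}" for p in pem_problems(key, KEY_LABELS)]
        if found:
            report[domain] = found
    return report

def sample_db():
    """Constructed sample data; payloads are dummy bytes, not real certificates or keys."""
    def pem(label, payload):
        return f"-----BEGIN {label}-----\n{base64.b64encode(payload).decode()}\n-----END {label}-----\n"
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE domains (domain TEXT PRIMARY KEY, tls_cert TEXT, tls_key TEXT)")
    cert, key = pem("CERTIFICATE", b"\x30\x03\x02\x01\x00"), pem("PRIVATE KEY", b"\x30\x03\x02\x01\x01")
    conn.executemany("INSERT INTO domains VALUES (?, ?, ?)", [
        ("good.example", cert, key),
        ("swapped.example", key, cert),         # columns mixed up
        ("truncated.example", cert[:40], key),  # END line lost in storage
    ])
    return conn
```

Calling `audit_domains(sample_db())` reports the swapped and truncated rows and omits the well-formed one.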