[exim-dev] [Bug 2594] CNAME handling can break TLS certifica…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Madmin at <-
MViktor Dukhovni at ->
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 2594] New: CNAME handing can break TLS certificate verification
Subject: [exim-dev] [Bug 2594] CNAME handling can break TLS certificate verification
https://bugs.exim.org/show_bug.cgi?id=2594

--- Comment #4 from Chris Paulson-Ellis <chris@???> ---
The STARTTLS RFC 3207 is not very helpful, describing it as a local matter and
using words like probably:

4.1 Processing After the STARTTLS Command

...

The decision of whether or not to believe the authenticity of the
other party in a TLS negotiation is a local matter. However, some
general rules for the decisions are: 

   -  A SMTP client would probably only want to authenticate an SMTP
      server whose server certificate has a domain name that is the
      domain name that the client thought it was connecting to.


--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2594] CNAME handling can break TLS certificate verification[exim-dev] [Bug 2593] Can't open .vacation file: EXIM_DBOPEN: file <.vacation> dir <.vacation> flags=O_RDWR|O_CREAT->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)