[exim-dev] [Bug 2594] CNAME handling can break TLS certifica…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 2594] New: CNAME handing can break TLS certificate verification
Subject: [exim-dev] [Bug 2594] CNAME handling can break TLS certificate verification
https://bugs.exim.org/show_bug.cgi?id=2594

--- Comment #4 from Chris Paulson-Ellis <chris@???> ---
The STARTTLS RFC 3207 is not very helpful, describing it as a local matter and
using words like probably:

4.1 Processing After the STARTTLS Command

...

The decision of whether or not to believe the authenticity of the
other party in a TLS negotiation is a local matter. However, some
general rules for the decisions are:

   -  A SMTP client would probably only want to authenticate an SMTP
      server whose server certificate has a domain name that is the
      domain name that the client thought it was connecting to.


--
You are receiving this mail because:
You are on the CC list for the bug.