[exim] Question regarding TLS SNI Certificates

Author: Sherin A
Date:
To: exim-users
Subject: [exim] Question regarding TLS SNI Certificates
Hello,

I am configuring Exim with a number of domains to use SNI certificates.
I have domains which use Let's Encrypt and commercial SSL certificates.
The certificates and keys are as follows:

For the domain foo.com with user foouser :

    Let's Encrypt SSL certificate = /etc/letsencrypt/live/foo.com/fullchain.pem
    Let's Encrypt SSL key = /etc/letsencrypt/live/foo.com/privkey.pem
    Commercial SSL certificate = /var/panel/userdata/foouser/ssl/foo.com-combined.pem
    Commercial SSL key file = /var/panel/userdata/foouser/ssl/foo.com-key.pem

So now I have the following configuration in exim.conf. I think it
won't work because of using "*" inside the condition. Can anyone help with
this? Is it OK to use a Perl subroutine instead of the following?

--------- Exim.conf  start ------------

tls_certificate = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    { \
      ${if exists {/etc/letsencrypt/live/${tls_in_sni}/fullchain.pem} \
        {/etc/letsencrypt/live/${tls_in_sni}/fullchain.pem} \
      } \
      ${if exists {/var/panel/userdata/*/ssl/${tls_in_sni}-combined.pem} \
        {/var/panel/userdata/*/ssl/${tls_in_sni}-combined.pem} \
      }\
    } \
    {/etc/exim/exim.crt.pem} \
}
tls_privatekey = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    { \
      ${if exists {/etc/letsencrypt/live/${tls_in_sni}/privkey.pem} \
        {/etc/letsencrypt/live/${tls_in_sni}/privkey.pem} \
      }\
      ${if exists {/var/panel/userdata/*/ssl/${tls_in_sni}-key.pem} \
        {/var/panel/userdata/*/ssl/${tls_in_sni}-key.pem} \
      }\
    } \
    {/etc/exim/exim.key.pem} \
}

--------- Exim.conf end ---------------

Any help will be appreciated.

--
Regards
Sherin A
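
Added example, not part of the original post or of Exim's own code: Exim's `exists` condition tests one literal path and does not expand `*`, so this script lets the shell expand the wildcard ahead of time and writes a `domain: cert key` index that a lookup keyed on `$tls_in_sni` could consult. The function names and the index format are assumptions; the directory layout is the one in the post.

```shell
#!/bin/sh
# Added example: pre-build an SNI index so no wildcard is needed at TLS time.
# Layout follows the post; function names and output format are assumptions.

# is_hostname NAME -> succeeds only for plain DNS-style names (no "/", no "..")
is_hostname() {
    case "$1" in
        ''|.*|*..*|*[!a-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# emit DOMAIN CERT KEY -> print one index line only if both files are readable
emit() {
    is_hostname "$1" || return 0
    [ -r "$2" ] && [ -r "$3" ] || return 0
    printf '%s: %s %s\n' "$1" "$2" "$3"
}

# build_sni_map LE_ROOT PANEL_ROOT -> index on stdout, Let's Encrypt first
build_sni_map() {
    le_root=$1 panel_root=$2
    {
        for d in "$le_root"/*/; do
            [ -d "$d" ] || continue
            emit "$(basename "$d")" "$d"fullchain.pem "$d"privkey.pem
        done
        # The shell, not Exim, expands the per-user wildcard here.
        for cert in "$panel_root"/*/ssl/*-combined.pem; do
            [ -e "$cert" ] || continue
            name=$(basename "$cert" -combined.pem)
            emit "$name" "$cert" "${cert%-combined.pem}-key.pem"
        done
    } | awk -F': ' '!seen[$1]++'   # keep only the first entry per domain
}

# Stand-alone use: script.sh /etc/letsencrypt/live /var/panel/userdata
if [ "$#" -eq 2 ]; then
    build_sni_map "$1" "$2"
fi
```

Because only names that exist on disk and pass `is_hostname` reach the index, the client-supplied SNI value is used as a lookup key and never as part of a file path.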