Re: [exim] Question regarding TLS SNI Certificates

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Cyborg
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Question regarding TLS SNI Certificates
Am 16.09.21 um 18:39 schrieb Jeremy Harris via Exim-users:
>
>>   Can any one help on this.  Is it ok to use a perl subroutine
>> instead of the following
>
> Yes, assuming you built exim with embedded perl.  But you probably
> don't need to,
> so much as concisely express what you need.  The obfucation above
> ("foo" etc.)
> doesn't help us help you.
>



It's obviose what he wants to do, which can only work, if he gets the
username before this condition is used,
which is not possible.

The solution is to use a sql select, which yields the path of the cert,
just by selecting for the domainname.

It also simplifies the condition, as the "path to use, if exists" part
is outsourced to whatever script inserts the data to this database table:

tls_certificate =${lockup mysql{"SELECT certpath FROM certs WHERE
domain='${quote_mysql:${tls_in_sni}}' order by commercial limit 1"}}
tls_privatekey =${lockup mysql{"SELECT keypath FROM certs WHERE
domain='${quote_mysql:${tls_in_sni}}' order by commercial limit 1"}}

In case you wanne use a default cert, use ...
'${quote_mysql:${tls_in_sni}}' REGEXP domain order by commercial, domain
limit 1

and a domain entry => ".*" with the default key and certpath. OR you
make an IF-Clause in Exim.. your choice. The sortorder in the above
query depends on how it's organized in detail, and may or may not
contain "DESC" .

Best regards,
Marius