On 24/05/2022 16:58, Axel Rau via Exim-users wrote:
>
>
>> Am 24.05.2022 um 00:37 schrieb Jeremy Harris via Exim-users <exim-users@???>:
>>
>> On 23/05/2022 20:38, Axel Rau via Exim-users wrote:
>>> After turning on setuid bit on exim binary, it could no longer access
>>> the DB (error=‚valid client cert required‘)
It looks like the pgsql client library is doing certs stuff all on its
own.
https://www.postgresql.org/docs/9.1/libpq-ssl.html says it'll
send ~/.postgresql/postgresql.crt - and that is obviously
going to be a problem for a client that is dancing around different
user identities.
https://www.postgresql.org/docs/9.5/libpq-envars.html
lists PGSSLCERT and PGSSLKEY which look plausible as a way of
telling it specifically where to look.
So you just need to run with those set up in exim's environment.
Have a look at the "add_environment" min config option.
--
Cheers,
Jeremy