[exim] TLS authentication

Startseite
Diese Nachricht ist Teil des folgenden Threads:
M-+\Der komplette Thread sortiert nach Datum
M.MM 
M\MJeremy Harris am ->
Nachricht löschen
Nachricht beantworten
Autor: Ian Zimmerman
Datum:  
To: exim-users
Betreff: [exim] TLS authentication

The Spec discusses this in chapter 42. However, it depends on general
certificate verification, which is discussed in 43.7, and so on the
tls_verify_certificates main configuration item. Reading the
documentaion for that,

The value of this option is expanded, and must then be either the word
"system" or the absolute path to a file or directory containing
permitted certificates for clients that match tls_verify_hosts or
tls_try_verify_hosts.

The "system" value for the option will use a system default location
compiled into the SSL library. This is not available for GnuTLS
versions preceding 3.0.20, and will be taken as empty; an explicit
location must be specified.

...

With OpenSSL the certificates specified explicitly either by file or
directory are added to those given by the system default location.

Is it at all possible with OpenSSL to stop the "system" location from
being checked? If not, that seems to make the use of TLS for client
authentication impossible because any certificate presented by
e.g. Google will pass verification. Am I reading this correctly?

--
Ian

Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-users
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim] Cutthrough Delivery to LMTP--Will it Work?Re: [exim] Cutthrough Delivery to LMTP--Will it Work?->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)