Re: [exim] TLS authentication

Startseite
Diese Nachricht ist Teil des folgenden Threads:
M-+\Der komplette Thread sortiert nach Datum
M.MMViktor Dukhovni am <-
M\MViktor Dukhovni am ->
Nachricht löschen
Nachricht beantworten
Autor: Heiko Schlittermann
Datum:  
To: exim-users
CC: Ian Zimmerman
Betreff: Re: [exim] TLS authentication
Ian Zimmerman via Exim-users <exim-users@???> (Di 14 Feb 2023 01:40:52 CET):
> With OpenSSL the certificates specified explicitly either by file or
> directory are added to those given by the system default location.
>
> Is it at all possible with OpenSSL to stop the "system" location from
> being checked? If not, that seems to make the use of TLS for client
> authentication impossible because any certificate presented by
> e.g. Google will pass verification. Am I reading this correctly?

IMHO it shouldn't be sufficient accept any client that just has a
verified certificate ("authenticated"). You should check, if the client
is "authorized", by checking required certificate attributes (issuer,
subject, …)

Maybe I got you wrong.
--
Heiko
Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-users
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim] TLS authenticationRe: [exim] TLS authentication->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)