On 16/02/2023 21:09, Viktor Dukhovni via Exim-users wrote: > Some applications (want to) only accept client certificates issued by a
> dedicated non-public CA, which amounts to an authorisation server
In exim usage that's a test on a certextract of the issuer of
$tls_in_peercert, either just in ACL or as part of the
serer_condition for an authenticator using the tls driver.
For either, the TLS session has to have been accepted first.
--
Cheers,
Jeremy
