Re: [exim] TLS authentication

Author: Ian Zimmerman
Date:  
To: exim-users
Subject: Re: [exim] TLS authentication
On Thu, Feb 16, 2023 at 09:29:20AM -0500, Viktor Dukhovni via Exim-users wrote:
> On the other hand, much better to simply maintain an explicit table of
> trusted client public keys and match these (by SHA256 fingerprint
> perhaps). Use a lookup table to check whether the client is authorised
> or not.


An excellent suggestion, thanks. I think I got stuck in this unproductive
(it seems) rut of authentication by verification because of two things:

- not immediately obvious how to *compute* the checksum to match in
the first place. I don't expect it's just the checksum over the PEM
file, is it?

- the documentation for the md5 (and sha1) expansion operators is cryptic:

    If the string is a single variable of type certificate, returns the
    MD5 hash fingerprint of the certificate.


What is a "variable of type certificate" in Exim's proudly unityped
macro language?

--
Ian