On Thu, Feb 16, 2023 at 09:29:20AM -0500, Viktor Dukhovni via Exim-users wrote:
> On the other hand, much better to simply maintain an explicit table of
> trusted client public keys and match these (by SHA256 fingerprint
> perhaps). Use a lookup table to check whether the client is authorised
> or not.

An excellent suggestion, thanks. I think I got stuck in this unproductive
(it seems) rut of authentication by verification because of two things:

- not immediately obvious how to *compute* the checksum to match in
  the first place. I don't expect it's just the checksum over the pem
  file, is it?
- the documentation for the md5 (and sha1) expansion operators is cryptic:

      If the string is a single variable of type certificate, returns the
      MD5 hash fingerprint of the certificate.

  what is a "variable of type certificate" in exim's proudly unityped
  macro language?

--
Ian
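
Added example, not part of the original thread: the conventional X.509 certificate fingerprint (the value `openssl x509 -noout -fingerprint -sha256` prints) is a hash over the certificate's DER encoding, not over the PEM file, so re-wrapping the PEM text does not change it. The sketch assumes Exim's certificate-fingerprint operators follow that convention; the function names, the client name and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import ssl

# Constructed stand-in for a certificate's DER bytes (NOT a real certificate).
# A fingerprint is a hash over raw bytes, so this is enough to show the mechanics.
SAMPLE_DER = bytes(range(256)) * 3


def to_pem(der: bytes, width: int = 64) -> str:
    """Wrap DER bytes in PEM armour with the given base64 line width."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, as lowercase hex without colons."""
    der = ssl.PEM_cert_to_DER_cert(pem)  # strips the armour, base64-decodes
    return hashlib.sha256(der).hexdigest()


def normalise(fp: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' forms so table and input compare equal."""
    return fp.replace(":", "").strip().lower()


def lookup_client(presented_fp: str, table: dict):
    """Return the client name for a trusted fingerprint, or None if unknown."""
    return table.get(normalise(presented_fp))


def build_table(entries: dict) -> dict:
    """entries maps client name -> PEM text; result maps fingerprint -> name."""
    return {cert_fingerprint(pem): name for name, pem in entries.items()}


if __name__ == "__main__":
    pem = to_pem(SAMPLE_DER)
    table = build_table({"client1.example": pem})  # hypothetical client name
    print("DER fingerprint :", cert_fingerprint(pem))
    print("hash of PEM file:", hashlib.sha256(pem.encode()).hexdigest())
    print("lookup          :", lookup_client(cert_fingerprint(pem).upper(), table))
```

Storing the table keyed by the normalised fingerprint means the comparison does not depend on whether the presenting side emits upper-case or colon-separated hex.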