Re: [exim] TLS authentication

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Ian Zimmerman
Date:  
À: exim-users
Sujet: Re: [exim] TLS authentication
On Thu, Feb 16, 2023 at 09:29:20AM -0500, Viktor Dukhovni via Exim-users wrote:
> On the other hand, much better to simply maintain an explicit table of
> trusted client public keys and match these (by SHA256 fingerprint
> perhaps). Use a lookup table to check whether the client is authorised
> or not.


An excellent suggestion, thanks. I think I got stuck in this unproductive
(it seems) rut of authentication by verification because of two things:

- not immediately obvious how to *compute* the checksum to match in
the first place. I don't expect it's just the checksum over the pem
file, is it?

- the documentation for the md5 (and sha1) expansion operators is cryptic:

    If the string is a single variable of type certificate, returns the
    MD5 hash fingerprint of the certificate.


what is a "variable of type certificate" in exim's proudly unityped
macro language?

--
Ian