Re: [exim] TLS authentication

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Ian Zimmerman
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] TLS authentication
On Thu, Feb 16, 2023 at 09:29:20AM -0500, Viktor Dukhovni via Exim-users wrote:
> On the other hand, much better to simply maintain an explicit table of
> trusted client public keys and match these (by SHA256 fingerprint
> perhaps). Use a lookup table to check whether the client is authorised
> or not.


An excellent suggestion, thanks. I think I got stuck in this unproductive
(it seems) rut of authentication by verification because of two things:

- not immediately obvious how to *compute* the checksum to match in
the first place. I don't expect it's just the checksum over the pem
file, is it?

- the documentation for the md5 (and sha1) expansion operators is cryptic:

    If the string is a single variable of type certificate, returns the
    MD5 hash fingerprint of the certificate.


what is a "variable of type certificate" in exim's proudly unityped
macro language?

--
Ian