Jorge Bastos wrote: >>> tls_cafile = /etc/ssl/certs/mail.decimal.pt.pem >>> tls_cert = /etc/ssl/certs/mail.decimal.pt.pem >>> tls_key = /etc/ssl/certs/mail.decimal.pt.pem >>> > > Allow me other question: > > If the cert is created with another CN, and I configure the email client > with mail.xxx.pt, other host than the configured one, I'll get a warning > message, correct? > > No way to bypass this? Maybe using IP? (Don't if works/it's possible) > Cannot bypass, as it is your client that is complaining about the content of the SSL certificate. So other than making the client ignore it, there's nothing to do. From exp with Thunderbird, yes it will complain about connecting via IP.
I never did try to issue an SSL cert for an IP, but I'm reasonably confident it's a strcmp() (in fact, this came up recently as an exploit)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dbmail-dev mailing list [email protected] http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev
