On 16/02/2023 21:09, Viktor Dukhovni via Exim-users wrote:
Some applications (want to) only accept client certificates issued by a dedicated non-public CA, which amounts to an authorisation server
In exim usage that's a test on a certextract of the issuer of $tls_in_peercert, either just in ACL or as part of the serer_condition for an authenticator using the tls driver. For either, the TLS session has to have been accepted first. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/