Alexander Leidinger:
> On 2023-11-30 16:53, Wietse Venema via Postfix-users wrote:
> > Alexander Leidinger via Postfix-users:
> >> What is wrong here that [tlsproxy] doesn't establish a trusted
> >> connection
> >> to the github mailservers when posttls-finger is able to do that with
> >> the same cert store?
> >
> > Because there are differences between tlsproxy and posttls-finger.
> >
> > 1) Different executable files may be subject to different SELinux,
> > AppArmor etc. policies.
>
> This is FreeBSD, no different policies.
>
> > 2) Different privileges: tlsproxy runs as the "postfix" user,
> > posttls-finger as "root".
>
...
> > 3) Different certificate stores, when tlsproxy may run chrooted,
> > and posttls-finger does not.
As Viktor pointed out
4) Different certificate match expectations.
Wietse