> On Mar 29, 2019, at 11:18 PM, Phil Pennock via Exim-users
> wrote:
>
> With OpenSSL, as Jeremy hints at: the behaviour depends entirely upon
> whether you provide the library with "a file containing all valid certs"
> or "a directory within which we can look for files matching a hash of the
On 2019-03-29 at 13:44 +, Richard Jones via Exim-users wrote:
> I was hoping to be able to validate them, yes. It just seems overkill to
> also offer every root CA installed.
>
> If it's a choice of one cert or all, then clearly this isn't the end of
> the world, and thanks!
This is a crypto
On 29/03/2019 13:44, Richard Jones via Exim-users wrote:
> On Mar 29, Jeremy Harris via Exim-users wrote
>> You are presumably setting up to request client certs (this is the CAs
>> list that you'll be verifying client certs against). The idea is that
>> the server tells the client what
On Mar 29, Jeremy Harris via Exim-users wrote
> You are presumably setting up to request client certs (this is the CAs
> list that you'll be verifying client certs against). The idea is that
> the server tells the client what authorities might be acceptable, so
> that the client can pick among
On 29/03/2019 12:08, Richard Jones via Exim-users wrote:
> As per the Exim and Debian documentation and defaults, I've set the
> following:
>
> MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
> {/etc/ssl/certs/ca-certificates.crt}\
> {/dev/null}}
>
Hi,
As per the Exim and Debian documentation and defaults, I've set the
following:
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
{/etc/ssl/certs/ca-certificates.crt}\
{/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES