On 24/12/14 12:07, Roman Rybalko (exim) wrote: > I'd like to configure certificate blacklist. I need to have Subject > certificate field available for every incoming certificate, even for > unverified. > Now it is implemented in a way, that $tls_in_peerdn is unavailable when > the certificate fails to be verified. > > Is it possible to make tls_in_peerdn available for unverified > certificates also? Won't it break something? > If it is OK, I'll provide a patch.
There's a slight issue: verification can fail at any link on the certificate chain. It's not certain we'll get as far as knowing the leaf certificate. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
