On 2012-04-16 21:51, Jeremy Harris wrote:
Agreed this is an issue. I'd like a string-expansion for testing a peer's cert against a specified name (using any of the CN + SAN-set, as it happens). Then where the name comes from is a separable policy item.
While I think of it, I'm also thinking of writing an authenticator which (server-side only) accepts iff a TLS connection is present and the client has presented a certificate valid for one of a given (as an authenticator option) list of names. Does this sound like a valid use-case for certificates?

--
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
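The accept-iff rule proposed in the message above, sketched as an added example that is not part of the original post and is not Exim code. It assumes the certificate arrives in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`, that the TLS layer has already verified the chain, and that a leftmost `*` label in a certificate name matches exactly one label; the function names and the sample certificate are constructed for illustration.

```python
# Constructed sample certificate, in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "relay1.example.net"),),),
    "subjectAltName": (("DNS", "relay1.example.net"),
                       ("DNS", "*.mx.example.net")),
}


def cert_names(cert):
    """Collect the CN + SAN-set: every subject commonName plus SAN dNSName."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value.lower())
    return names


def name_matches(presented, wanted):
    """Exact match, or a leftmost '*' label covering exactly one label."""
    p = presented.lower().rstrip(".")
    w = wanted.lower().rstrip(".")
    if p == w:
        return True
    if p.startswith("*."):
        head, _, rest = w.partition(".")
        # Refuse overly broad patterns such as '*.net' (assumed policy).
        return bool(head) and rest == p[2:] and "." in rest
    return False


def authenticate(tls_active, peer_cert, allowed_names):
    """Return the allowed name the cert is valid for, or None to reject.

    Rejects when there is no TLS session or no verified client certificate,
    so the name list is only consulted for a cert the TLS layer accepted.
    """
    if not tls_active or not peer_cert:
        return None
    presented = cert_names(peer_cert)
    for allowed in allowed_names:
        if any(name_matches(p, allowed) for p in presented):
            return allowed
    return None
```

Keeping `cert_names` separate from `authenticate` mirrors the split in the message: the name test is one primitive, and where the list of names comes from is policy.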
