On 2013-10-10 at 16:17 +0100, John Burnham wrote:
> As it says in the docs:
> Great care should be taken to deal with matters of case, various injection
> attacks in the string (../ or SQL), and ensuring that a valid filename can
> always be referenced; it is important to remember that $tls_sni is arbitrary
> unverified data provided prior to authentication.
>
> ---
> So you could have
> tls_privatekey = /etc/exim/keys/${tls_sni}
> tls_certificate = /etc/exim/certs/${tls_sni}
> Or something fancier with lookups and defaults and all that sort of thing
> (and that does some sanity checking of the contents of $tls_sni - especially
> if you're using a SQL based lookup).
Note that the SNI field in TLS is just a text string, so could easily be
"../../../../../etc/passwd".
Regards,
-Phil
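One allow-list variant of the "lookups and defaults" approach John mentions, added here as an illustration rather than taken from the thread or the Exim docs; the map file paths, hostnames and certificate locations are made up for the example:

```exim
# /etc/exim/sni-certs.map and /etc/exim/sni-keys.map (constructed; lsearch "key: value" format)
# mail.example.com: /etc/exim/certs/mail.example.com.pem
# mx.example.net:   /etc/exim/certs/mx.example.net.pem

# Main configuration section: the lower-cased SNI is used only as a lookup key.
# A name that is not in the map falls through to the default file.
tls_certificate = ${lookup{${lc:$tls_sni}}lsearch{/etc/exim/sni-certs.map}\
                   {$value}{/etc/exim/certs/default.pem}}
tls_privatekey  = ${lookup{${lc:$tls_sni}}lsearch{/etc/exim/sni-keys.map}\
                   {$value}{/etc/exim/keys/default.pem}}
```

Because the client-supplied value is never spliced into a path, a string such as the traversal Phil describes simply misses the lookup and gets the default certificate.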
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/