On 18/08/17 20:41, Patrick Pfeifer via Exim-users wrote: > Anyhow, it could be > arranged for the feature to only be effective for the opposite case > (i.e. |tls_in_sni| NOT appearing in the main section’s tls_certificate > option, couldn't it?
No. It can still depend on other external factors, due to an expansion that doesn't happen to need SNI info. Such as the peer IP, as I previously said. And even if it didn't use any expansion, we do not want to expand the attack surface by doing more work with root privs. As I previously said. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
