On Mar 29, Jeremy Harris via Exim-users wrote > You are presumably setting up to request client certs (this is the CAs > list that you'll be verifying client certs against). The idea is that > the server tells the client what authorities might be acceptable, so > that the client can pick among several client certs it might have > available for presentation. > > There's a hint in the docs that you can subvert that by using > (with OpenSSL or with recent GnuTLS) a directory full of certs > for tls_verify_certificates. > > > Of course, if you're not planning on using client certs, you don't > need any of this.
I was hoping to be able to validate them, yes. It just seems overkill to also offer every root CA installed. If it's a choice of one cert or all, then clearly this isn't the end of the world, and thanks! R -- junix.systems/privacy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
