Most SMTP clients send client certificates even when the signing CA is
not solicited. The Postfix SMTP server does not complain if the client
certificate verification fails. The key issue is coding the server-side
verification callback correctly, so that the session is not rejected
despite the unverifiable client certificate.
Thanks Victor!!!! That advise proved invaluable for the one product
vendor that I use... at some point I'll try and report this a bug on
Apache's behalf, since it also has the issue (the 2.x versions that I
tested)..
Again, many thanks!!!
ken
