Re: Access based on client cert attributes?

2010-03-26 Thread Dick Visser
On 23/03/2010 16:41, Victor Duchovni wrote: Having noticed the many pitfalls of parsing X.509 certs, and written careful code to parse them (and avoided Postfix being linked to vulnerabilities later found in most certificate parsers), I am reluctant to ask Postfix users to write robust X.509

Re: Access based on client cert attributes?

2010-03-26 Thread Victor Duchovni
On Fri, Mar 26, 2010 at 12:52:55PM +0100, Dick Visser wrote: Having noticed the many pitfalls of parsing X.509 certs, and written careful code to parse them (and avoided Postfix being linked to vulnerabilities later found in most certificate parsers), I am reluctant to ask Postfix users

Access based on client cert attributes?

2010-03-23 Thread Dick Visser
Hi guys At the moment we use SASL authentication to allow our users to send mail through our mailer (Postfix 2.5). I would like to extend this to using client certificates for authentication as well. Our users have personal certificates that are signed by the TERENA Personal CA. Due to the

Re: Access based on client cert attributes?

2010-03-23 Thread Wietse Venema
Dick Visser: Hi guys At the moment we use SASL authentication to allow our users to send mail through our mailer (Postfix 2.5). I would like to extend this to using client certificates for authentication as well. Our users have personal certificates that are signed by the TERENA

Re: Access based on client cert attributes?

2010-03-23 Thread Victor Duchovni
On Tue, Mar 23, 2010 at 10:10:44AM -0400, Wietse Venema wrote: * issuer TERENA Personal CA * O=TERENA * C=NL I guess what I am looking for is a new restriction called something like check_ccert_attr, that would use user defined attributes to take decisions. That would be really