
Re: TLS in smtpserver

On 12-May-99 at 23:22, Matti Aarnio (mea@nic.funet.fi) wrote:

> > I'd like to suggest including the connection/auth information into
> > the Received header: auth name, SSLvX/TLS/unencrypted and client's
> > certificate in "oneline" format if available.
>      Yes and no, that is actually a fairly sizable can of worms.
>      Perhaps with a runtime option (PARAM), which local admin
>      can decide if that information is ok at the Received: header:

Sounds very reasonable.  (The same applies to my "whoson" info, BTW).

> > As far as I understand, by default ssl headers are installed in
> > /usr/local/ssl/include/  and not in /usr/local/ssl/include/openssl/
> > where you are expecting them.  This affects configure script and
> > smtpserver/smtpserver.h
> I used this source:
> #!/bin/sh
> rsync -rlztpv --delete dev.openssl.org::openssl-cvs/ /home/mea/src/CVSROOT-OPENSSL/
> (then 'cvs co openssl' out of that repository)
> Yep, it isn't 0.9.2b, it is something towards 0.9.3 ...

The bad thing is that "openssl/ssl.h" is hardcoded in smtpserver.h, so
you cannot work around it with configure options.  Ideally, configure should
find the header file and set either -I$(openssl_prefix)/include or
-I$(openssl_prefix)/include/openssl in the Makefile.  smtpserver.h would
only have "#include <ssl.h>".

Another question: how do you actually use auth?  Can you, e.g., require
auth for a specific set of networks?  How do you tell the policy
checker that if auth is used, then the source is "trusted"?  Any docs?
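
The header search suggested above for configure, written out as an added example (not part of the original message and not ZMailer's configure code). The function name find_ssl_include is hypothetical; it takes one or more candidate install prefixes and prints the -I flag for the directory that actually holds ssl.h, so the source could use a plain "#include <ssl.h>".

```shell
#!/bin/sh
# Added illustration, not ZMailer's configure script.
# find_ssl_include is a hypothetical helper: given candidate OpenSSL
# install prefixes, print the -I flag for the first directory that
# contains ssl.h, covering both header layouts mentioned in the thread.

find_ssl_include() {
    for prefix in "$@"; do
        # Layout 1: headers under $prefix/include/openssl/
        # Layout 2: headers directly under $prefix/include/
        for dir in "$prefix/include/openssl" "$prefix/include"; do
            if [ -r "$dir/ssl.h" ]; then
                printf '%s\n' "-I$dir"
                return 0
            fi
        done
    done
    # Fail loudly so the build stops instead of compiling without TLS
    # support or picking up an unrelated ssl.h later on the include path.
    echo "ssl.h not found under: $*" >&2
    return 1
}

# When run with arguments, treat them as prefixes to probe, e.g.
#   sh find_ssl.sh /usr/local/ssl
[ $# -eq 0 ] || find_ssl_include "$@"
```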