
Re: TLS in smtpserver



On 13-May-99 at 22:39, Matti Aarnio (mea@nic.funet.fi) wrote:

> I still don't know how to pull out the client certificate -- sure,
> it is in 'peer' item, but *which* of the fields..  (see smtptls.c)
> I don't have (myself) any personal "official" client certificate,
> which I could use to test the thing.

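X509 *peer;   /* the peer (client) certificate from the TLS session */
...
/* with a NULL buffer the string is heap-allocated; the caller must free it */
char *certstr = (char *)X509_NAME_oneline(X509_get_subject_name(peer), NULL, 0);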

or are you talking of something else?

>      The policy code contains a simple test: "authentication has
>      been successful ("authuser" variable is non NULL), allow
>      open relaying."

That will do (what we all want is to allow roaming users to send
their mail, right?)

>      Damn, I just realized that I made ZMailer into a "forbidden to
>      (re-)export from USA" item, because now it contains hooks for
>      traffic encryption, never mind that it is a side result from
>      allowing secure "AUTH LOGIN" with plaintext passwords...

That's OK unless you are going to move to the US like Linus did :)
If yes, then we're all in big trouble.

Eugene
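
Added example (not part of the original message and not ZMailer code): a C sketch of when a client certificate subject should be allowed to set "authuser", given that a non-NULL "authuser" opens relaying. It assumes the caller passes in the value of SSL_get_verify_result() and the string from X509_NAME_oneline(); the helper names and the allow-list entries are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define VERIFY_OK 0L   /* same numeric value as OpenSSL's X509_V_OK */

/* Constructed allow-list: full subject strings in X509_NAME_oneline() form. */
static const char *const relay_subjects[] = {
    "/C=FI/O=Example Org/CN=roaming.user",
    "/C=FI/O=Example Org/CN=second.user",
};

/*
 * Hypothetical helper: returns the value to store in "authuser", or NULL.
 * verify_result: what SSL_get_verify_result() returned for the session.
 * subject: X509_NAME_oneline() output, or NULL if no certificate was sent.
 */
const char *authuser_from_cert(long verify_result, const char *subject)
{
    size_t i;

    if (subject == NULL)
        return NULL;                 /* client sent no certificate */
    if (verify_result != VERIFY_OK)
        return NULL;                 /* chain did not verify: subject is unproven */
    for (i = 0; i < sizeof relay_subjects / sizeof relay_subjects[0]; i++)
        if (strcmp(subject, relay_subjects[i]) == 0)   /* whole string, not a substring */
            return relay_subjects[i];
    return NULL;                     /* valid certificate, but not a relay user */
}

/* The policy test quoted in the message: non-NULL authuser allows relaying. */
int relay_allowed(const char *authuser)
{
    return authuser != NULL;
}

int main(void)
{
    const char *ok = "/C=FI/O=Example Org/CN=roaming.user";

    /* 1L stands in for any nonzero verification error code. */
    printf("verified, listed:   %d\n", relay_allowed(authuser_from_cert(VERIFY_OK, ok)));
    printf("unverified, listed: %d\n", relay_allowed(authuser_from_cert(1L, ok)));
    printf("no certificate:     %d\n", relay_allowed(authuser_from_cert(VERIFY_OK, NULL)));
    return 0;
}
```

The point of the two early returns is that a certificate being present in 'peer' is not by itself authentication: the subject string only means something once the chain has verified.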