[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TLS in smtpserver
On 13-May-99 at 22:39, Matti Aarnio (mea@nic.funet.fi) wrote:
> I still don't know how to pull out the client certificate -- sure,
> it is in 'peer' item, but *which* of the fields.. (see smtptls.c)
> I don't have (myself) any personal "official" client certificate,
> which I could use to test the thing.
X509 *peer;
...
char *certstr=(char *)X509_NAME_oneline(X509_get_subject_name(peer),NULL,0);
or are you talking of something else?
> The policy code contains a simple test: "authentication has
> been successfull ("authuser" variable is non NULL), allow
> open relaying."
That will do (what we all want is allow roaming users send their
mail, right?)
> Damn, I just realized that I made ZMailer into a "forbidden to
> (re-)export from USA" item, because now it contains hooks for
> traffic encryption, never mind that it is a side result from
> allowing secure "AUTH LOGIN" with plaintext passwords...
That's OK unless you are going to move to the US like Linus did :)
If yes, then we're all in big trouble.
Eugene