Re: TLS in smtpserver
On 12-May-99 at 23:22, Matti Aarnio (mea@nic.funet.fi) wrote:
> > I'd like to suggest including the connection/auth information into
> > the Received header: auth name, SSLvX/TLS/unencrypted and client's
> > certificate in "oneline" format if available.
>
> Yes and no, that is actually a fairly sizable can of worms.
> Perhaps with a runtime option (PARAM), which local admin
> can decide if that information is ok at the Received: header:
Sounds very reasonable. (The same applies to my "whoson" info, BTW).
> > As far as I understand, by default ssl headers are installed in
> > /usr/local/ssl/include/ and not in /usr/local/ssl/include/openssl/
> > where you are expecting them. This affects configure script and
> > smtpserver/smtpserver.h
>
> I used this source:
>
> #!/bin/sh
> rsync -rlztpv --delete dev.openssl.org::openssl-cvs/ \
>     /home/mea/src/CVSROOT-OPENSSL/
>
> (then 'cvs co openssl' out of that repository)
>
> Yep, it isn't 0.9.2b, it is something towards 0.9.3 ...
The bad thing is that "openssl/ssl.h" is hardcoded in smtpserver.h, so
you cannot work around with configure options. Ideally, configure should
find the header file and set either -I$(openssl_prefix)/include or
-I$(openssl_prefix)/include/openssl in the Makefile. smtpserver.h would
only have "#include <ssl.h>".
Another question: how do you actually use auth? Can you, e.g., require
auth for a specific set of networks? How do you tell the policy
checker that if auth is used, then the source is "trusted"? Any docs?
Eugene
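
The header probe proposed in the message above, sketched as an added example (not part of the original message and not taken from the smtpserver sources). The function name `find_ssl_include` is hypothetical. For the `include/openssl/` layout it also emits the parent directory, on the assumption that headers installed there include each other as `<openssl/...>`.

```shell
# Added example: locate ssl.h under an OpenSSL install prefix and print the
# -I flags a Makefile would need so that '#include <ssl.h>' compiles.
# find_ssl_include is a hypothetical helper name, not an autoconf macro.
#
# Usage: flags=$(find_ssl_include /usr/local/ssl) || exit 1
find_ssl_include() {
    prefix=$1

    # Newer layout: headers live in include/openssl/. Assumption: those
    # headers reference each other as <openssl/...>, so the parent
    # include/ directory must be on the search path as well.
    if [ -f "$prefix/include/openssl/ssl.h" ]; then
        printf '%s\n' "-I$prefix/include/openssl -I$prefix/include"
        return 0
    fi

    # Older flat layout: headers sit directly in include/.
    if [ -f "$prefix/include/ssl.h" ]; then
        printf '%s\n' "-I$prefix/include"
        return 0
    fi

    # Neither layout found: fail loudly so the build does not silently
    # pick up some other ssl.h from the default search path.
    echo "ssl.h not found under $prefix/include" >&2
    return 1
}
```

Failing when neither layout is present keeps the build from linking against an unintended OpenSSL copy elsewhere on the system.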