From: Victor Duchovni (no email)
Date: Thu Sep 22 2005 - 12:33:38 EDT
On Thu, Sep 22, 2005 at 06:31:04PM +0200, Carlos Pe?n Costa wrote:
> >> >... It's possible to use client certs without enforce tls?
> >> Reading carefully the docs its seems not possible
> >This is not true. You can request client certs and use them if the client
> >offers them, but only to give the client more access. Restricting what
> >the client does based on its certificate is not an option unless client
> >certificates and TLS are mandatory.
> I want to say "It's possible to use client certs in a tls connection that
> is not enforced?"
Yes, it is.
> It seems a configuration issue, if postfix is configured to enforce tls it
> checks client certs. If tls is optional, when the tls connections is
> established it does not check client certs.
Define "check client certs"? My server does not enforce TLS, and uses
check_ccert_access to grant some clients more access.
-- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: <mailto:?body=unsubscribe%20postfix-users> If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.