Re: smtpd_tls_req_ccert and smtpd_tls_auth_only

From: Victor Duchovni (no email)
Date: Thu Sep 22 2005 - 12:33:38 EDT


    On Thu, Sep 22, 2005 at 06:31:04PM +0200, Carlos Pe?n Costa wrote:

    >
    > >> >... It's possible to use client certs without enforcing tls?
    > >>
    > >> Reading carefully the docs it seems not possible
    > >>
    > >
    > >This is not true. You can request client certs and use them if the client
    > >offers them, but only to give the client more access. Restricting what
    > >the client does based on its certificate is not an option unless client
    > >certificates and TLS are mandatory.
    >
    > I want to say "It's possible to use client certs in a tls connection that
    > is not enforced?"

    Yes, it is.

    > It seems a configuration issue, if postfix is configured to enforce tls it
    > checks client certs. If tls is optional, when the tls connection is
    > established it does not check client certs.
    >

    Define "check client certs"? My server does not enforce TLS, and uses
    check_ccert_access to grant some clients more access.

    -- 
    	Viktor.
    Disclaimer: off-list followups get on-list replies or get ignored.
    Please do not ignore the "Reply-To" header.
    To unsubscribe from the postfix-users list, visit
    http://www.postfix.org/lists.html or click the link below:
    <mailto:?body=unsubscribe%20postfix-users>
    If my response solves your problem, the best way to thank me is to not
    send an "it worked, thanks" follow-up. If you must respond, please put
    "It worked, thanks" in the "Subject" so I can delete these quickly.
    
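A configuration of the kind the reply describes, as an added example that is not taken from the message or from the poster's server: TLS stays optional, the server asks for a client certificate without requiring one, and a fingerprint table is used only to grant relay access. The file paths, the placeholder fingerprint and the use of `smtpd_tls_security_level` (the parameter in later Postfix releases; releases from the time of this thread used `smtpd_use_tls = yes`) are assumptions.

```conf
# /etc/postfix/main.cf (added example; all paths are assumptions)

# TLS is offered but not enforced: clients may still deliver in cleartext.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/server-cert.pem
smtpd_tls_key_file = /etc/postfix/server-key.pem

# Ask for a client certificate during the TLS handshake, but do not require
# one. smtpd_tls_req_ccert = yes is only honoured when TLS itself is
# mandatory; with optional TLS Postfix ignores it and logs a warning.
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no

# The certificate is used only to GRANT access. A client whose certificate
# fingerprint is listed may relay; a client with no TLS session, no
# certificate, or an unlisted certificate gets no match here and falls
# through to the ordinary rules.
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_ccert_access hash:/etc/postfix/relay_ccerts,
    reject_unauth_destination

# Do not put REJECT entries in the table expecting them to restrict clients:
# with optional TLS a client avoids the lookup simply by not presenting the
# certificate, or by not using STARTTLS at all.

# /etc/postfix/relay_ccerts
# (run "postmap /etc/postfix/relay_ccerts" after editing)
# One fingerprint per line; the digest format follows
# smtpd_tls_fingerprint_digest. Constructed placeholder, not a real
# certificate:
#
#   AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99    OK
```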
