[Pkg-exim4-users] tls_verify_certificates = system
Calum Mackay
calum.mackay at cdmnet.org
Mon Sep 7 16:30:37 UTC 2015
thanks for the reply, Marc,
On 07/09/2015 11:06, Marc Haber wrote:
>> MAIN_TLS_VERIFY_CERTIFICATES = system
>>
>> as per spec Ch.14.
>
> This pointed exim to a certificates file called "system". Is that
> what you wanted?
>
> I might have overlooked it, but spec.txt chapter 14 does not seem to
> indicate that "system" is a valid or special setting.
Ch.14 says, for tls_verify_certificates:
> The value of this option is expanded, and must then be either the
> word "system" or the absolute path to a file or directory containing
> permitted certificates for clients that match tls_verify_hosts or
> tls_try_verify_hosts.
>
> The "system" value for the option will use a system default location
> compiled into the SSL library. This is not available for GnuTLS
> versions preceding 3.0.20, and will be taken as empty; an explicit
> location must be specified.
This "system" value is new in 4.86, which is what I'm running (sid).
I read this as a tidy way to avoid hard-coding the Debian
ca-certificates location into the config. It's not a big deal, obviously.
thanks much,
cheers,
calum.
More information about the Pkg-exim4-users
mailing list