diff options
| author | Andreas Metzler <ametzler@downhill.at.eu.org> | 2013-10-12 09:01:02 +0200 |
|---|---|---|
| committer | Andreas Metzler <ametzler@downhill.at.eu.org> | 2013-10-12 09:01:02 +0200 |
| commit | 1bf703e89cdb30910be5ff4a25ef00a9f831138d (patch) | |
| tree | 5188889a176511074544b7c42d60e17f7652e2d4 | |
| parent | 030a4f0cc5287b08382ba16dae330d24ff5991b1 (diff) | |
| download | exim4-1bf703e89cdb30910be5ff4a25ef00a9f831138d.tar.gz | |
send client certificates.
Add macros for sending a client certificate on outgoing TLS connections.
(REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY,
REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY)
Closes: #677826
| -rw-r--r-- | debian/README.Debian.xml | 12 | ||||
| -rw-r--r-- | debian/changelog | 4 | ||||
| -rw-r--r-- | debian/debconf/conf.d/transport/30_exim4-config_remote_smtp | 6 | ||||
| -rw-r--r-- | debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost | 6 |
4 files changed, 28 insertions, 0 deletions
diff --git a/debian/README.Debian.xml b/debian/README.Debian.xml index 9b5aaca..30c5961 100644 --- a/debian/README.Debian.xml +++ b/debian/README.Debian.xml @@ -1107,6 +1107,13 @@ presented by the remote host is not checked unless you specify a tls_verify_certificate option on the transport. </para> + <para id="tls_client_certicate"> + To make exim send a TLS certificate to the remote host set + REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY or for + the remote_smtp_smarthost transport + REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY + respectively. + </para> <para> TLS on connect is not natively supported. </para> @@ -1164,6 +1171,11 @@ certificates which causes the interoperabilty problems with Outlook et.al. noted above. </para> + <para> + The server certificate is only used for incoming connections, + please consult <xref linkend="tls_client_certicate"/> for the + corresponding outgoing conncection options. + </para> </section> <section> <title>Troubleshooting</title> <para> diff --git a/debian/changelog b/debian/changelog index 8cf70de..2b84153 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,10 @@ exim4 (4.82~rc3-1) UNRELEASED; urgency=low looking up a hostname or reverse DNS when processing a host list. Used suggestions from multiple comments on this bug. + TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey. + * Add macros for sending a client certificate on outgoing TLS connections. + (REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY, + REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY) + Closes: #677826 -- Andreas Metzler <ametzler@debian.org> Sat, 12 Oct 2013 08:11:02 +0200 diff --git a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp index 1b2ceae..11d72bb 100644 --- a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp +++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp @@ -39,3 +39,9 @@ dkim_sign_headers = DKIM_SIGN_HEADERS .ifdef TLS_DH_MIN_BITS tls_dh_min_bits = TLS_DH_MIN_BITS .endif +.ifdef REMOTE_SMTP_TLS_CERTIFICATE +tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE +.endif +.ifdef REMOTE_SMTP_PRIVATEKEY +tls_privatekey = REMOTE_SMTP_PRIVATEKEY +.endif diff --git a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost index 31015a4..b834249 100644 --- a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost +++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost @@ -30,3 +30,9 @@ remote_smtp_smarthost: .ifdef TLS_DH_MIN_BITS tls_dh_min_bits = TLS_DH_MIN_BITS .endif +.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE +tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE +.endif +.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY +tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY +.endif |