Re: submission vs smtp
From: Ken Hornstein
Subject: Re: submission vs smtp
Date: Thu, 05 Jun 2025 14:37:57 -0400
>- Do we support client certificate submission during TLS negotiation?
> No. If this is what you want ... well, I'm a little surprised, as I
> work in an environment that makes heavy use of TLS client certificates
> and as far as I know this is never done for SMTP (web servers, yes, but
> SMTP, no). I would have to look at what it would take to add that. I
> imagine there are a few bits of magic you need to tell the TLS library
> where the certificate and private key are located.
I was curious so I looked into that.
Assuming you don't want to use something like a PKCS#11 hardware token,
adding support for this is relatively straightforward via a few APIs.
It gets more complicated if you (a) want to pick from several certificates
based on the list of CAs sent by the server or (b) if the private key
is encrypted.
--Ken