CRLFile

Location of Certificate Revocation file (V8.13 and later)

Beginning with V8.13, sendmail supports use of the certificate revocation lists available with OpenSSL version 0.9.7 and above. The new CRLFile option allows you to declare the location and name of a certificate revocation list file.

When an inbound connection is received by sendmail, and when the connecting host requests a secure session by giving the STARTTLS command, the local sendmail (by way of the OpenSSL library) uses the information in CRLFile to determine whether the connecting host’s certificate should be accepted or rejected.

The file specified by the CRLFile option is created using the openssl(1) command. After the file has been created, you need to declare its location like this:

O CRLFile=/path/file                    ← configuration file (V8.13 and later)
-OCRLFile=/path/file                    ← command line (V8.13 and later)
define(`confCRL',`/path/file')          ← mc configuration (V8.13 and later)

Here, /path/file is of type string and specifies the full-path location of the certificate revocation list file. By default, the CRLFile option is not declared. If the file is declared with the CRLFile option but does not exist, is unreadable, or has bad permissions, sendmail disallows all STARTTLS commands. Note that the /path/file argument may contain sendmail macros, and those macros will be expanded as the configuration file is read.
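Because a bad CRLFile disables STARTTLS entirely, it is worth checking the file before declaring it. The following pre-flight check is an added example, not code from the book or from sendmail; the function name, its return codes, the reading of "bad permissions" as group- or world-writable, and the PEM-format requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the file you intend to name in CRLFile.
# Usage: check_crlfile /path/file
# Return codes are this example's own convention, not sendmail's:
#   0 ok, 1 missing, 2 unreadable, 3 loose permissions,
#   4 no PEM CRL header, 5 OpenSSL cannot parse the CRL

check_crlfile() {
    f=$1

    # A declared but missing file makes sendmail disallow all STARTTLS.
    [ -f "$f" ] || { echo "CRLFile $f: not a regular file" >&2; return 1; }

    # Run this as the user sendmail runs as; root can read almost anything.
    [ -r "$f" ] || { echo "CRLFile $f: not readable" >&2; return 2; }

    # ASSUMPTION: "bad permissions" is treated here as group- or
    # world-writable. Characters 6 and 9 of the ls mode string are those bits.
    mode=$(ls -ldL -- "$f" | cut -c1-10)
    case $mode in
        ?????w????|????????w?)
            echo "CRLFile $f: mode $mode is group/world-writable" >&2
            return 3 ;;
    esac

    # ASSUMPTION: the CRL is stored in PEM form.
    grep -q -- '-----BEGIN X509 CRL-----' "$f" || {
        echo "CRLFile $f: no PEM CRL header found" >&2
        return 4
    }

    # Let OpenSSL parse the CRL and report when the next update is due.
    # Skipped if openssl(1) is not installed on the checking host.
    if command -v openssl >/dev/null 2>&1; then
        openssl crl -in "$f" -noout -nextupdate >&2 || {
            echo "CRLFile $f: OpenSSL could not parse the CRL" >&2
            return 5
        }
    fi
    return 0
}
```

A nonzero result means the file should be fixed before the CRLFile option is added to the configuration.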

If your version of OpenSSL is too old, the following warning will print when you try to declare the ...
