On Mon, Jul 31, 2017, Viktor Dukhovni wrote:

> I don't know what milters expect to find in "{cert_issuer}" and
> "{cert_subject}".  The CN or the full DN (and if so in what
> encoding).  We provide CNs, but perhaps Sendmail provides
> DNs?

It's in the fine documentation (op.*)

      ${cert_issuer}
           The DN (distinguished name) of the CA
           (certificate authority) that signed the presented
           certificate (the cert issuer) (STARTTLS only).

      ${cert_subject}
           The DN of the presented certificate (called the
           cert subject) (STARTTLS only).
....
   6.7.  Encoding of STARTTLS and AUTH related Macros

           Macros that contain STARTTLS and AUTH related
      data which comes from outside sources, e.g., all
      macros containing information from certificates, are
      encoded to avoid problems with non-printable or
      special characters.  The latter are '\', '<', '>',
      '(', ')', '"', '+', and ' '.  All of these characters
      are replaced by their value in hexadecimal with a
      leading '+'.  For example:

          /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/
          Email=darth+c...@endmail.org

      is encoded as:

          /C=US/ST=California/O=endmail.org/OU=private/
          CN=Darth+20Mail+20+28Cert+29/Email=darth+2bc...@endmail.org

      (line breaks have been inserted for readability).  The
      macros which are subject to this encoding are
      {cert_subject}, {cert_issuer}, {cn_subject},
      {cn_issuer}, as well as {auth_authen} and
      {auth_author}.

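As an added example (not part of the original message and not Sendmail's own code), this Python shows how a milter could decode the '+'-hex encoding quoted above before comparing `{cert_subject}` or `{cert_issuer}` against a policy. The function names, the bytes return type and the uppercase hex digits emitted by the encoder are assumptions.

```python
import re

# Characters the quoted documentation lists as "special"; non-printable
# bytes are encoded as well.
SPECIAL = set(b'\\<>()"+ ')
_ESCAPE = re.compile(rb"\+([0-9A-Fa-f]{2})")


def encode_macro(raw: bytes) -> str:
    """Encode as section 6.7 describes: '+' followed by two hex digits."""
    out = []
    for b in raw:
        if b in SPECIAL or not 0x21 <= b <= 0x7E:
            out.append("+%02X" % b)  # hex digit case is an assumption
        else:
            out.append(chr(b))
    return "".join(out)


def decode_macro(value: str) -> bytes:
    """Reverse the encoding; reject a '+' that does not start an escape."""
    data = value.encode("ascii")  # an encoded macro is printable ASCII
    if re.search(rb"\+(?![0-9A-Fa-f]{2})", data):
        raise ValueError("stray '+' in macro value: %r" % value)
    # Single pass, so a decoded '+' is never re-read as an escape.
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def split_dn(value: str) -> list[tuple[str, bytes]]:
    """Split an encoded /K=V/K=V DN into (key, decoded value) pairs.

    '/' is not among the encoded characters, so this split is only
    reliable when no value contains '/'.
    """
    pairs = []
    for part in value.strip("/").split("/"):
        key, sep, val = part.partition("=")
        if not sep:
            raise ValueError("DN component without '=': %r" % part)
        pairs.append((key, decode_macro(val)))
    return pairs


# Constructed sample: the documentation's example DN with the elided
# Email component left out.
SAMPLE = "/C=US/ST=California/O=endmail.org/OU=private/CN=Darth+20Mail+20+28Cert+29"
```

Decoding accepts either hex digit case, and a policy check should compare the decoded bytes rather than the raw macro string.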