Re: UnTrusted CN presented

2017-07-13 Thread Viktor Dukhovni
On Thu, Jul 13, 2017 at 09:01:40PM +0930, Mal wrote: > Would you be able to let me know how to enable the undocumented peer > metadata logfile? Not logfile, rather an additional log entry sent to the syslog mail log. > In this case, these "...established from..." entries are the remote > party s

Re: UnTrusted CN presented

2017-07-13 Thread Mal
I see.. Would you be able to let me know how to enable the undocumented peer metadata logfile ? If its a seperate logfile, that won't be an issue. I would like to see if that provides the data i am after. In this case, these "...established from..." entries are the remote party servers. Was th

Re: UnTrusted CN presented

2017-07-12 Thread Viktor Dukhovni
> On Jul 12, 2017, at 10:46 PM, Mal wrote: > > Wondering if anyone knows if it's possible to log the certificate CN > presented when Postfix logs "Untrusted TLS connection established from.." That is not currently possible. Unconditional logging of the peer certificate metadata is possible,

UnTrusted CN presented

2017-07-12 Thread Mal
Wondering if anyone knows if it's possible to log the certificate CN presented when Postfix logs "Untrusted TLS connection established from.." Postifx logs the 'UnTrusted' event well, but I'd like to know if you can see the CN of the certificate presented by the other party.. Regards, Mal