[horde] An Easy Way For Client Cert Auth?

[Vilius Šumskas]

> Hello Andreas,
> 
> IMAP server accepts an arbitrary password. This IMAP server is reachable
> for Horde only, because it listens on localhost only. Horde uses email
> attribute from certificate. Of course security of that solution depends
> on certification authority and it is my own CA.

Nice setup there. I'm just curious, won't $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"] be easy to fake from the client?

-- 
   Vilius