[Dovecot] Authentication by certificats (a bug or my misconfiguration)

HenkJan Wolthuis hj.wolthuis at kaw.nl
Tue Jul 11 12:10:47 EEST 2006


Hi Alexander,

>
> Thanks for the quick reply; rearranging the certs didn't seem to do 
> much for the setup; I guess I'm getting one thing wrong, which was the 
> cause for my followup. How can I make dovecot only rely on cert and no 
> furhter authentication for giving access to the user, when making 
> dovecot lift the user ID from the client cert?

Hmm, i don't think that's the reason for the "invalid certificate" 
error. Another question: are the clientcertificates and the 
servercertificate signed by the same CA?

In case you want the ssl-verify error in the logfiles:

in src/logincommon/ssl-proxy-openssl.c, line 607

change:
i_info("Invalid certificate: %s", buf);
to:
i_info("Invalid certificate: %s: %s, 
X509_verify_cert_error_string(ctx->error) ,buf);

should help, (tested on beta8) (don't forget to recompile, install, 
restart ;-))

success!

-- 

groeten,

HenkJan Wolthuis



More information about the dovecot mailing list