[Dovecot] No CA names sent in TLS handshake

Timo Sirainen tss at iki.fi
Tue Apr 3 12:45:04 EEST 2007


On Tue, 2007-04-03 at 09:47 +0200, Johnny Chadda wrote:
> Hello,
> 
> I'm setting up Dovecot with client certificates and everything is 
> working fine as long as the client only has one certificate in his 
> store. If he has more than one, the wrong one might be sent to the server.
> 
> The root of the problem is that Dovecot does not send out a list of 
> valid CA names in the TLS handshake.
> 
> If I connect using openssl s_client I get:
> 
>      "No client certificate CA names sent"

Well, I'm not that big of an OpenSSL guru, but googling shows that with
other software it's often a certificate configuration problem.

Did you set ssl_ca_file and does the file contain a valid CA and CRL?

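A structural pre-check for the question asked in the reply above, as an added example that is not part of the original message and not Dovecot's own code: it reports whether a PEM file such as the one named by `ssl_ca_file` holds at least one certificate block and one CRL block that decode to complete DER. It does not verify signatures, CA flags or CRL validity dates; the function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import re

# One PEM block: BEGIN/END lines with matching labels around a base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def der_is_complete(der: bytes) -> bool:
    """True if der is one outer SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def inspect_ca_file(pem_text: str) -> dict:
    """Count usable CERTIFICATE and X509 CRL blocks; other labels are ignored."""
    report = {"certificates": 0, "crls": 0, "problems": []}
    for label, body in PEM_BLOCK.findall(pem_text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            report["problems"].append(f"{label}: invalid base64")
            continue
        if not der_is_complete(der):
            report["problems"].append(f"{label}: truncated or malformed DER")
        elif label == "CERTIFICATE":
            report["certificates"] += 1
        elif label == "X509 CRL":
            report["crls"] += 1
    if report["certificates"] == 0:
        report["problems"].append("no CA certificate in file")
    if report["crls"] == 0:
        report["problems"].append("no CRL in file")
    return report

def _pem(label: str, der: bytes) -> str:
    return (f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n"
            f"-----END {label}-----\n")

# Constructed sample input: a tiny DER SEQUENCE standing in for real objects.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
GOOD = _pem("CERTIFICATE", SAMPLE_DER) + _pem("X509 CRL", SAMPLE_DER)
ONLY_CERT = _pem("CERTIFICATE", SAMPLE_DER)
TRUNCATED = _pem("CERTIFICATE", SAMPLE_DER[:-1]) + _pem("X509 CRL", SAMPLE_DER)
```

Pass the contents of the real file to `inspect_ca_file()`; an empty `problems` list only means the structure is present, so the certificate and CRL themselves still need to be examined with the usual OpenSSL tooling.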