[Dovecot] No CA names sent in TLS handshake

Timo Sirainen tss at iki.fi
Tue Apr 3 12:56:09 EEST 2007


On Tue, 2007-04-03 at 11:50 +0200, Johnny Chadda wrote:
> Timo Sirainen wrote:
> > Well, I'm not that big of an OpenSSL guru, but googling shows that with
> > other software it's often a certificate configuration problem.
> > 
> > Did you set ssl_ca_file and does the file contain a valid CA and CRL?
> 
> Yes, the certificates are OK. It works if I explicitly select which 
> client certificate to send to the server from the mail client.
> 
> Normal users shouldn't have to do this though. It should be selected 
> based on which accepted CA names the server sends. It works fine in 
> Cyrus (which I will use if this does not work) and Postfix.

Does the attached patch fix it?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssl-client-ca-list.diff
Type: text/x-patch
Size: 690 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20070403/1ec07d9c/attachment.bin 
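
Added example, not part of the original message or of Dovecot's code: the "CA names" discussed above travel in the `certificate_authorities` field of the TLS CertificateRequest handshake message, and a client can only pre-select a certificate when that list is non-empty. The parser below assumes the TLS 1.0/1.1 layout (TLS 1.2 adds a signature-algorithms field before the list); the function names and the sample DN are constructed for illustration.

```python
CERTIFICATE_REQUEST = 13  # handshake msg_type (RFC 2246, section 7.4.4)


def _take(buf, off, n):
    """Return (buf[off:off+n], new offset), rejecting truncated input."""
    if off + n > len(buf):
        raise ValueError("truncated CertificateRequest")
    return buf[off:off + n], off + n


def parse_certificate_request(msg):
    """Parse a TLS 1.0/1.1 CertificateRequest handshake message."""
    hdr, off = _take(msg, 0, 4)
    if hdr[0] != CERTIFICATE_REQUEST:
        raise ValueError("not a CertificateRequest")
    body, end = _take(msg, off, int.from_bytes(hdr[1:], "big"))
    if end != len(msg):
        raise ValueError("trailing bytes after handshake message")
    count, off = _take(body, 0, 1)            # certificate_types<1..2^8-1>
    types, off = _take(body, off, count[0])
    ca_len, off = _take(body, off, 2)         # certificate_authorities length
    cas, off = _take(body, off, int.from_bytes(ca_len, "big"))
    if off != len(body):
        raise ValueError("unexpected data after CA list")
    names, pos = [], 0
    while pos < len(cas):                     # each DistinguishedName<1..2^16-1>
        dn_len, pos = _take(cas, pos, 2)
        dn, pos = _take(cas, pos, int.from_bytes(dn_len, "big"))
        names.append(dn)                      # DER-encoded X.501 Name
    return {"certificate_types": list(types), "ca_names": names}


def build_certificate_request(types, dns):
    """Encode a message the same way, to construct sample input."""
    cas = b"".join(len(d).to_bytes(2, "big") + d for d in dns)
    body = bytes([len(types)]) + bytes(types) + len(cas).to_bytes(2, "big") + cas
    return bytes([CERTIFICATE_REQUEST]) + len(body).to_bytes(3, "big") + body


# Constructed sample: DER for the Name "CN=Example CA" (not a real CA).
EXAMPLE_DN = bytes.fromhex("3015311330110603550403130a") + b"Example CA"
WITHOUT_CA_NAMES = build_certificate_request([1, 2], [])   # rsa_sign, dss_sign
WITH_CA_NAMES = build_certificate_request([1, 2], [EXAMPLE_DN])

if __name__ == "__main__":
    for label, msg in (("empty list", WITHOUT_CA_NAMES), ("one CA", WITH_CA_NAMES)):
        parsed = parse_certificate_request(msg)
        print(label, msg.hex(), len(parsed["ca_names"]))
```

An empty `ca_names` result corresponds to the situation in this thread's subject: the server requests a certificate but gives the client no issuer hint to choose one by.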