[Dovecot] Client certificate verification/authentication
eizert
eizert at free.fr
Mon Jun 4 12:39:38 EEST 2007
Timo Sirainen wrote:
> On Tue, 2007-05-29 at 12:06 +0200, eizert wrote:
>
>> Not in Dovecot...
>> In my log, I simply have:
>> dovecot: auth(default): Client didn't present valid SSL certificate
>>
>
> Set verbose_ssl=yes and it should log more. It should then log either
> "Invalid certificate" or "Valid certificate". If it logged neither, then
> your client didn't send a certificate at all.
>
>
I've set this option.
I've created a signed, trusted certificate, set the CA and created a CRL. I have
put the CRL in the CA certificate with cat ca-crl.pem >> ca.crt.pem
Also, my MUA uses the CRL at https://myhostname/crl.der
But I simply have this information in my log: Client didn't present valid
SSL certificate
Very hard to debug.
When I turn off ssl_verify_client_cert and ssl_require_client_cert
(but only ssl_require_client_cert posed a problem) I think that
ssl_verify_client_cert is
simply X509 verify, but I'm not sure, I haven't read the source...
I am trying to compile dovecot with no CRL usage to test it.
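
The CA-plus-CRL bundle described in the message above can be checked structurally before looking at Dovecot itself. This is an added example, not part of the original post or of Dovecot; the PEM bodies are constructed placeholders, and client.crt.pem in the comment is an assumed file name.

```shell
#!/bin/sh
# Added example. File names ca.crt.pem and ca-crl.pem follow the post;
# the PEM bodies written by fake_pem are constructed placeholders.

# Count PEM blocks with the given label ("CERTIFICATE", "X509 CRL") in a file.
count_pem() {
    grep -c -- "^-----BEGIN $2-----" "$1" || true
}

# Return 0 only if the bundle holds at least one certificate and one CRL
# and every BEGIN line has an END line (catches a truncated append).
bundle_has_cert_and_crl() {
    f=$1
    [ -r "$f" ] || return 2
    certs=$(count_pem "$f" CERTIFICATE)
    crls=$(count_pem "$f" "X509 CRL")
    begins=$(grep -c -- '^-----BEGIN ' "$f" || true)
    ends=$(grep -c -- '^-----END ' "$f" || true)
    [ "$certs" -ge 1 ] && [ "$crls" -ge 1 ] && [ "$begins" -eq "$ends" ]
}

# Emit one constructed PEM block (placeholder body, not real DER).
fake_pem() {
    printf '%s\n' "-----BEGIN $1-----" "Q09OU1RSVUNURUQ=" "-----END $1-----"
}

demo() {
    d=$(mktemp -d)
    fake_pem CERTIFICATE > "$d/ca.crt.pem"
    fake_pem "X509 CRL" > "$d/ca-crl.pem"
    bundle_has_cert_and_crl "$d/ca.crt.pem" \
        && echo "before append: ok" || echo "before append: no CRL in bundle"
    cat "$d/ca-crl.pem" >> "$d/ca.crt.pem"   # the step from the post
    bundle_has_cert_and_crl "$d/ca.crt.pem" \
        && echo "after append: ok" || echo "after append: bundle incomplete"
    rm -rf "$d"
}
demo

# With real files, the same bundle can be tested outside Dovecot:
#   openssl verify -crl_check -CAfile ca.crt.pem client.crt.pem
```

A bundle that passes this check can still fail verification, for example when the CRL has expired or was issued by a different CA; the openssl command in the final comment reports those cases.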