[Dovecot] Client certificate verification/authentication

eizert eizert at free.fr
Mon Jun 4 12:39:38 EEST 2007


Timo Sirainen a écrit :
> On Tue, 2007-05-29 at 12:06 +0200, eizert wrote:
>   
>> Not in Dovecot...
>> In my log, i've simply :
>> dovecot: auth(default):  Client didn't present valid SSL certificate
>>     
>
> Set verbose_ssl=yes and it should log more. It should then log either
> "Invalid certificate" or "Valid certificate". If it logged neither, then
> your client didn't send a certificate at all.
>
>   
I've set this option.

I've create certificate signed trusted and set CA and create CRL. I have 
put CRL in the CA certificate by cat ca-crl.pem >> ca.crt.pem
Also my MUA use CRL with https://myhostname/crl.der

But i've simply this information in my log : Client didn't present valid 
SSL certificate

Very hard to debug.

When if i turn off  ssl_verify_client_cert and ssl_require_client_cert 
(but only ss_require_client_cert posed a problem) I think that 
ss_verify_client_cert it's
simply X509 verify but i'm not sure, i don't read the source...

I try to compile dovecot with no CRLs usage for test it.


More information about the dovecot mailing list