[Dovecot] 2.0.alpha3 ssl_ca_file is broken

Timo Sirainen tss at iki.fi
Tue Nov 17 21:45:46 EET 2009


On Tue, 2009-11-17 at 13:38 -0600, Mike Abbott wrote:
> In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in conf.d/ssl.conf does not work, because imap-login chroots before opening the ca_file.  Perhaps this parameter could be replaced with "ssl_ca = </path/to/file" as was done with ssl_cert and ssl_key.

Hmm. How do people use the ssl_ca_file in general? Does it have only a
single CA (or a couple) or does is it some huge file? I'd guess this
would be similar to certs/keys, so that if you're using multiple certs,
each IP would be using one CA, one cert, one key. Right?

I'm just mainly worried about config process having to send some huge CA
file.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20091117/8a14bbf7/attachment.bin 


More information about the dovecot mailing list