Bug with 2.2.29-1~auto+25 back to haunt me
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Thu Jun 1 13:42:34 EEST 2017
* Aki Tuomi <aki.tuomi at dovecot.fi>:
> > > So I added
> > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
> > >
> > > But alas:
> > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file
> > >
> > > Gnarf! As you can see I do HAVE ssl_ca in my doveconf -n output!
> > >
> > > ssl_ca = </etc/ssl/certs/ca-certificates.crt
> > >
> > > So what gives?
> >
> > It seems to be similar to:
> > https://www.dovecot.org/pipermail/dovecot/2017-March/107488.html
> >
> > "Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)"
> >
> > --
> > Ralf Hildebrandt
> > Geschäftsbereich IT | Abteilung Netzwerk
> > Charité - Universitätsmedizin Berlin
> > Campus Benjamin Franklin
> > Hindenburgdamm 30 | D-12203 Berlin
> > Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
> > ralf.hildebrandt at charite.de | https://www.charite.de
> >
>
> Hi.
>
> passdb imap was changed to verify remote SSL cert by default (yeah, it
> kinda didn't do this before). It requires a ssl_ca_file or ssl_ca_dir
> setting in args. Or you can disable this behaviour with
> allow_invalid_cert.
I did specify "ssl_ca_file", but then dovecot said "ssl_ca_file has been replaced by ssl_ca = <file" -- so I used that and it wouldn't work
either!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt at charite.de | https://www.charite.de
More information about the dovecot
mailing list