SSL error after upgrading to 2.31
Hauke Fath
hf at spg.tu-darmstadt.de
Mon May 28 13:05:30 EEST 2018
On 05/28/18 11:08, Aki Tuomi wrote:
>
>
> On 28.05.2018 12:06, Hauke Fath wrote:
>> On 05/21/18 17:55, Aki Tuomi wrote:
>>> ssl_ca is used only for validating client certificates.
>>
>> But it was used (though not documented, IIRC) for validating server
>> certs, too. Since intermediate CA certs are usually valid a lot longer
>> than the server certs, having to concat the certs is awkward, at best.
>
> As far as I know, it has never been working as replacement for adding
> the chain to cert file.
Well, you know your code better than I. ;)
But it has worked for us here pre-2.3 (see
<https://www.dovecot.org/pipermail/dovecot/2018-January/110638.html>
ff., and confirmed by
<https://www.dovecot.org/pipermail/dovecot/2018-January/110720.html>).
And from an admin POV, it makes a lot of sense to keep the intermediate
cert chain separate from the server cert.
Cheerio,
hauke
--
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut für Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-21344
More information about the dovecot
mailing list