On 22 Sep 2015, at 01:11, Alex Bulan <avb@korax.net> wrote:
On Mon, 21 Sep 2015, Edgar Pettijohn wrote:
doveconf -n?
doveconf -n|grep ssl should suffice:
ssl = required
ssl_ca = </usr/local/share/certs/ca-root-nss.crt
ssl_cert = </path/to/my/file.pem
ssl_key = </path/to/my/file.pem
ssl_require_crl = no
I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a temporary workaround, even though this is not what ssl_ca is for. It happens to work, at least for now, but this is not a fix.
ssl_client_ca_file should be used instead, but it has no effect in proxy mode:
Yeah. The ssl_client_ca_file was implemented later than the SSL proxying code. I think this may be something that needs to wait for v2.3 to get fixed. v2.3 hopefully removes the duplicated ssl code and uses lib-ssl-iostream for proxying also, which makes this easier to implement.