3 Apr 2007, 12:45 p.m.
On Tue, 2007-04-03 at 09:47 +0200, Johnny Chadda wrote:
Hello,
I'm setting up Dovecot with client certificates and everything is working fine as long as the client only has one certificate in his store. If he has more than one, the wrong one might be sent to the server.
The root of the problem is that Dovecot does not send out a list of valid CA names in the TLS handshake.
If I connect using openssl s_client I get:
"No client certificate CA names sent"
Well, I'm not that big of an OpenSSL guru, but googling shows that with other software it's often a certificate configuration problem.
Did you set ssl_ca_file and does the file contain a valid CA and CRL?
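
A small diagnostic for the two checks raised in this thread, as an added example that is not part of either message: it reads `openssl s_client` output to see whether the server advertised any client certificate CA names, and counts the certificate and CRL blocks in the file configured as ssl_ca_file. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not captured from a server.
# Usage: openssl s_client -connect HOST:PORT </dev/null 2>/dev/null | ca_names_sent

# Read `openssl s_client` output on stdin and print each CA name the server
# advertised in its certificate request. Returns 1 if none were advertised,
# which is the "No client certificate CA names sent" case from the thread.
ca_names_sent() {
    awk '
        /^Acceptable client certificate CA names/ { inlist = 1; next }
        # The list ends at the next "---" separator or "Label:" line.
        inlist && (/^---/ || /^[A-Za-z ]+:/) { inlist = 0 }
        inlist && NF { print; found++ }
        END { exit (found ? 0 : 1) }
    '
}

# Count PEM blocks of type $1 ("CERTIFICATE", "X509 CRL") in file $2.
pem_count() {
    grep -c -e "^-----BEGIN $1-----" "$2" || true
}

# Report whether the file given as ssl_ca_file holds at least one certificate
# and one CRL. This checks presence only, not validity or expiry.
ca_file_has_ca_and_crl() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    certs=$(pem_count "CERTIFICATE" "$1")
    crls=$(pem_count "X509 CRL" "$1")
    echo "certificates=$certs crls=$crls"
    [ "$certs" -gt 0 ] && [ "$crls" -gt 0 ]
}

# Constructed s_client excerpts for the two outcomes.
sample_with_names() {
    cat <<'EOF'
---
Acceptable client certificate CA names
/C=SE/O=Example/CN=Example Mail CA
---
EOF
}
sample_without_names() {
    cat <<'EOF'
---
No client certificate CA names sent
---
EOF
}
```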