Re: Bug with 2.2.29-1~auto+25 back to haunt me

2 Jun 2017

      ...
On June 1, 2017 at 1:42 PM Ralf Hildebrandt Ralf.Hildebrandt@charite.de wrote:

Aki Tuomi aki.tuomi@dovecot.fi:

...
...
...
So I added
ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
But alas:
May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = 
Gnarf! As you can see I do HAVE ssl_ca in my doveconf -n output!
ssl_ca = 
So what gives?
It seems to be similar to:
https://www.dovecot.org/pipermail/dovecot/2017-March/107488.html
"Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)"
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt@charite.de | https://www.charite.de
Hi.
passdb imap was changed to verify remote SSL cert by default (yeah, it
kinda didn't do this before). It requires a ssl_ca_file or ssl_ca_dir
setting in args. Or you can disable this behaviour with
allow_invalid_cert.
I did specify "ssl_ca_file", but then dovecot said "ssl_ca_file has been replaced by ssl_ca = 
--
Ralf Hildebrandt
I ment
passdb {
driver = imap
args = ... ssl_ca_file=/path/to/ca
}
Aki