On Thu, 20 Nov 2003 18:28:51 +0200, Timo Sirainen tss@iki.fi wrote:
What exactly does this patch do? Gives client a list of accepted CAs, but it doesn't look like it actually requires client to provide a valid certificate?
On Tue, 18 Nov 2003 11:03:08 +1300, James Tyson james@giantrobot.co.nz wrote:
Also, is there a configuration directive for Dovecot to add the issuer's CA bundle, similar to Apache's SSLCACertificateFile?
I'm no SSL expert, but I took the requested feature to be a way to "make additional certificates available in order to complete a certificate chain".
The Apache equivalent, SSLCACertificateFile, refers (http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslcacertificatefile) to client authentication, but that is just one use.
For example, Verisign 128-bit certs require an "intermediate certificate" to be loaded into Apache to complete the chain and be accepted by SSL clients. See http://www.verisign.com/support/install/apache/v00g.html
The ssl_ca_file option is just that - a way to make extra certs available when required.
Zach.
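
The chain-completion case discussed in this thread, as an added example that is not part of the original message and not Dovecot or Apache code: a client that trusts only a root CA rejects a server certificate issued by an intermediate until the intermediate is supplied alongside it. It assumes the `openssl` command-line tool is installed; every subject name and file name is constructed for the demonstration.

```shell
#!/bin/sh
# Constructed three-level PKI: root CA -> intermediate CA -> server certificate.
# All subject names are invented for this demonstration.

sign() {  # sign <name> <CN> <extfile> <issuer-name|self>
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ "$4" = self ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -extfile "$3" \
            -days 2 -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
            -set_serial 2 -extfile "$3" -days 2 -out "$1.pem" 2>/dev/null
    fi
}

build_pki() {  # build_pki <dir>
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      printf 'basicConstraints=CA:FALSE\n' > leaf.ext
      sign root  "Example Root CA"         ca.ext   self &&
      sign inter "Example Intermediate CA" ca.ext   root &&
      sign leaf  "imap.example.test"       leaf.ext inter )
}

# Client trusts only the root and is handed only the server certificate.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Same trust store, but the intermediate is supplied as well.
# -untrusted: used for path building only, never as a trust anchor.
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" \
        "$1/leaf.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    build_pki "$d" || { rm -rf "$d"; return 1; }
    verify_leaf_only "$d"  && echo "leaf only: verified" || echo "leaf only: rejected"
    verify_with_chain "$d" && echo "with intermediate: verified" || echo "with intermediate: rejected"
    rm -rf "$d"
}
demo
```

The intermediate is passed with `-untrusted`, so it only helps build the path to the root the client already trusts; it does not widen the set of trust anchors.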