Timo Sirainen a écrit :
On Tue, 2007-05-29 at 12:06 +0200, eizert wrote:
Not in Dovecot... In my log, i've simply : dovecot: auth(default): Client didn't present valid SSL certificate
Set verbose_ssl=yes and it should log more. It should then log either "Invalid certificate" or "Valid certificate". If it logged neither, then your client didn't send a certificate at all.
I've set this option.
I've create certificate signed trusted and set CA and create CRL. I have put CRL in the CA certificate by cat ca-crl.pem >> ca.crt.pem Also my MUA use CRL with https://myhostname/crl.der
But i've simply this information in my log : Client didn't present valid SSL certificate
Very hard to debug.
When if i turn off ssl_verify_client_cert and ssl_require_client_cert (but only ss_require_client_cert posed a problem) I think that ss_verify_client_cert it's simply X509 verify but i'm not sure, i don't read the source...
I try to compile dovecot with no CRLs usage for test it.