13 Jul
2006
13 Jul
'06
9:38 a.m.
HenkJan Wolthuis wrote:
In case you want the ssl-verify error in the logfiles:
in src/logincommon/ssl-proxy-openssl.c, line 607
change: i_info("Invalid certificate: %s", buf); to: i_info("Invalid certificate: %s: %s, X509_verify_cert_error_string(ctx->error) ,buf);
should help, (tested on beta8) (don't forget to recompile, install, restart ;-))
success!
Basicailly, as you suggested offline, this is the solution:
OK, maybe openssl needs crl's for all ca-certificates? (i don't have experience with intermediate ca's or ca-chains.) so the neworder in the ssl_ca file would be: 1 intermediate ca 2 root ca 3 intermediate-crl 4 root crl
And Bob's your aunt. It works like a charm here now. :)
-A