HenkJan Wolthuis wrote:
Hello,
Note that the certificates are all valid and have not expired. The <user cert> is signed by the <CA cert> and we set ssl_ca_file to the CA certificate PEM file.
CRL checking was introduced somewhere after beta8. If you use openssl > 0.9.7, the ssl_ca_file should contain the CA certificate _and_ the CRL for your CA, both in PEM format.
Hope this helps,
Thanks for the hint, HenkJan!
Adding the CRL PEM to the certificate file indeed fixes the problem with ssl_require_client_cert = yes not working.
dovecot now reports valid certificates. The invalid certificate notices are gone.
-- Marc-Andre Lemburg eGenix.com
Professional Python Services directly from the Source (#1, Jul 31 2006)
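The fix described in this thread, as an added example that is not part of the original messages: a shell check that a file intended for ssl_ca_file holds both a CA certificate and a CRL in PEM form. The function names and the sample files are assumptions made for illustration; only the PEM framing is inspected, signatures and validity dates are not verified.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a CA file for dovecot's
# ssl_ca_file. Hypothetical helper names; constructed sample data below.

# count_pem_blocks FILE LABEL
# Prints how many complete BEGIN/END pairs with LABEL the file contains
# (LABEL is e.g. "CERTIFICATE" or "X509 CRL"). A BEGIN without its END,
# as left behind by a truncated copy, is not counted.
count_pem_blocks() {
    awk -v label="$2" '
        { sub(/\r$/, "") }                                  # tolerate CRLF files
        $0 == ("-----BEGIN " label "-----") { inblk = 1; next }
        $0 == ("-----END " label "-----") && inblk { n++; inblk = 0 }
        END { print n + 0 }
    ' "$1"
}

# check_ca_bundle FILE
# Returns 0 if FILE has at least one certificate and at least one CRL,
# 1 if the CRL is missing, 2 if no certificate is found, 3 if unreadable.
check_ca_bundle() {
    [ -r "$1" ] || { echo "$1: not readable" >&2; return 3; }
    certs=$(count_pem_blocks "$1" "CERTIFICATE")
    crls=$(count_pem_blocks "$1" "X509 CRL")
    echo "$1: $certs certificate(s), $crls CRL(s)"
    [ "$certs" -ge 1 ] || return 2
    [ "$crls" -ge 1 ] || return 1
    return 0
}

# Constructed sample input: PEM framing around a placeholder body, no real keys.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/ca.pem"
printf '%s\n' '-----BEGIN X509 CRL-----' 'Q09OU1RSVUNURUQ=' \
    '-----END X509 CRL-----' > "$demo_dir/crl.pem"
# A CRL cut off before its END line, to show it is not counted.
printf '%s\n' '-----BEGIN X509 CRL-----' 'Q09OU1RSVUNURUQ=' > "$demo_dir/cut.pem"

# The combined file the thread describes: CA certificate followed by its CRL.
cat "$demo_dir/ca.pem" "$demo_dir/crl.pem" > "$demo_dir/ca-with-crl.pem"
cat "$demo_dir/ca.pem" "$demo_dir/cut.pem" > "$demo_dir/ca-with-cut-crl.pem"

check_ca_bundle "$demo_dir/ca.pem" || echo "-> no CRL in this file"
check_ca_bundle "$demo_dir/ca-with-cut-crl.pem" || echo "-> CRL block incomplete"
check_ca_bundle "$demo_dir/ca-with-crl.pem" && echo "-> certificate and CRL present"
```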