On 8.8.2019 21.31, Hauke Fath via dovecot wrote:
On Wed, 7 Aug 2019 20:24:13 +0300 (EEST), Aki Tuomi via dovecot wrote:
I thought ssl_ca is where to put the intermediate cert? Well, it surely worked that way until v2.3...
(Sorry for duplicate mail, keyboard acted up...)
No, that has always been a mistake and it was fixed in 2.3. Our SSL pages in documentation & wiki have always recommended concatenating the intermediates with the cert.
Aki, after the issue came up last time <http://dovecot.2317879.n4.nabble.com/dovecot-2-2-openssl-1-0-vs-dovecot-2-3-openssl-1-1-1-ssl-regression-tt65322.html#none>, you appeared to have changed your mind? What happened?
Cheerio, Hauke
I don't see any change of mind here.
As you can see in the quote you mentioned,
Including ssl_ca with cert is not actually a good idea, but perhaps this should indeed be mentioned in the upgrading page. Not a regression in any case.
Aki