Zach Bagnall wrote:

On Thu, 20 Nov 2003 18:28:51 +0200, Timo Sirainen tss@iki.fi wrote:

...

What exactly does this patch do? Gives client a list of accepted CAs, but it doesn't look like it actually requires client to provide a valid certificate?

On Tue, 18 Nov 2003 11:03:08 +1300, James Tyson james@giantrobot.co.nz wrote:

...

Also, is there a configuration directive for dovecot to add the issuers ca bundle similar to apache's SSLCACertificateFile?

I'm no SSL expert, but I took the requested feature to be a way to "make additional certificates available in order to complete a certificate chain".

I had trouble with an instantssl cert, and found that what I needed to do was to also include all the certs up the chain in the .pem file, in a certain order, to keep the client from complaining about an invalid certificate. The first certificate in the pem file should be the the server certificate, followed by its chain starting from the root certificate down. Works for me without the need for patches (though something like SSLCACertificateFile would be nice).

Matt