[Dovecot] 2.0.alpha3 ssl_ca_file is broken - dovecot - dovecot.org

newer
[Dovecot] plugin cmusieve not found

[Dovecot] 2.0.alpha3 ssl_ca_file is broken

older
[Dovecot] automatically compiling...

Mike Abbott

17 Nov 2009 17 Nov '09

9:38 p.m.

In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in conf.d/ssl.conf does not work, because imap-login chroots before opening the ca_file. Perhaps this parameter could be replaced with "ssl_ca =

Tue Nov 17 11:19:38 server dovecot[1143]: imap-login: Fatal: Error reading configuration: Invalid settings: ssl_ca_file: access(/path/to/file) failed: No such file or directory

Reply

Sign in to reply online Use email software

Show replies by date

Timo Sirainen

17 Nov 17 Nov

9:45 p.m.

On Tue, 2009-11-17 at 13:38 -0600, Mike Abbott wrote:

In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in conf.d/ssl.conf does not work, because imap-login chroots before opening the ca_file. Perhaps this parameter could be replaced with "ssl_ca =

Hmm. How do people use the ssl_ca_file in general? Does it have only a single CA (or a couple) or does is it some huge file? I'd guess this would be similar to certs/keys, so that if you're using multiple certs, each IP would be using one CA, one cert, one key. Right?

I'm just mainly worried about config process having to send some huge CA file.

Reply

Sign in to reply online Use email software

Mike Abbott

11:07 p.m.

Hmm. How do people use the ssl_ca_file in general? Does it have only a single CA (or a couple) or does is it some huge file?

I don't know about other people, but I have only ever used single-entry CA files.

Reply

Sign in to reply online Use email software

5484

Age (days ago)

5484

Last active (days ago)

2 comments

2 participants

tags

participants (2)

Mike Abbott
Timo Sirainen