[Dovecot] 2.0.alpha3 ssl_ca_file is broken
In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in conf.d/ssl.conf does not work, because imap-login chroots before opening the ca_file. Perhaps this parameter could be replaced with "ssl_ca = </path/to/file" as was done with ssl_cert and ssl_key.
Tue Nov 17 11:19:38 server dovecot[1143]: imap-login: Fatal: Error reading configuration: Invalid settings: ssl_ca_file: access(/path/to/file) failed: No such file or directory
On Tue, 2009-11-17 at 13:38 -0600, Mike Abbott wrote:
> In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in conf.d/ssl.conf does not work, because imap-login chroots before opening the ca_file. Perhaps this parameter could be replaced with "ssl_ca = </path/to/file" as was done with ssl_cert and ssl_key.
Hmm. How do people use the ssl_ca_file in general? Does it have only a single CA (or a couple) or is it some huge file? I'd guess this would be similar to certs/keys, so that if you're using multiple certs, each IP would be using one CA, one cert, one key. Right?
I'm just mainly worried about config process having to send some huge CA file.
participants (2)
- Mike Abbott
- Timo Sirainen