[Dovecot] Authentication by certificats (a bug or my misconfiguration)
Alexander Hoogerhuis
alexh at boxed.no
Thu Jul 13 09:38:25 EEST 2006
>> HenkJan Wolthuis wrote:
>>
>> In case you want the ssl-verify error in the logfiles:
>>
>> in src/logincommon/ssl-proxy-openssl.c, line 607
>>
>> change:
>> i_info("Invalid certificate: %s", buf);
>> to:
>> i_info("Invalid certificate: %s: %s,
>> X509_verify_cert_error_string(ctx->error) ,buf);
>>
>> should help, (tested on beta8) (don't forget to recompile, install,
>> restart ;-))
>>
>> success!
>>
>
Basicailly, as you suggested offline, this is the solution:
> OK, maybe openssl needs crl's for all ca-certificates? (i don't have experience with intermediate ca's or ca-chains.)
> so the neworder in the ssl_ca file would be:
> 1 intermediate ca
> 2 root ca
> 3 intermediate-crl
> 4 root crl
And Bob's your aunt. It works like a charm here now. :)
-A
More information about the dovecot
mailing list