Dovecot proxy ignores trusted root certificate store
andrew at mcnaughty.com
Mon Sep 21 11:45:29 UTC 2015
On 21/09/15 17:28, Alex Bulan wrote:
> The result is the same with or without "<" before the file path. With
> "<" the inode atime is updated at Dovecot startup, so the file is at
> least opened, but Dovecot still can't verify the cert.
> The only place in the Wiki that shows an example of ssl_client_ca_file
> is on this page, and there's no "<" in front of the file path:
> The client must be able to verify that the SSL certificate is valid, so
> you need to specify the directory containing valid SSL CA roots:
> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu
> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat
> (end quote)
Suggesting that on Redhat you should specify "the directory containing
valid SSL CA roots" by setting ssl_client_ca_file sounds kinda crazy.
Sounds like setting a file instead. So that bit of documentation should
be treated as rather suspect.