Dovecot proxy ignores trusted root certificate store

Edgar Pettijohn edgar at pettijohn-web.com
Mon Sep 21 21:07:08 UTC 2015


doveconf -n?

On 09/21/2015 12:45 PM, Alex Bulan wrote:
> On Mon, 21 Sep 2015, Andrew McN wrote:
>
>>> http://wiki2.dovecot.org/Replication
>>>
>>> (quote)
>>> The client must be able to verify that the SSL certificate is valid, so
>>> you need to specify the directory containing valid SSL CA roots:
>>>
>>> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu
>>> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat
>>> (end quote)
>>>
>>
>> Suggesting that on Redhat you should specify "the directory containing
>> valid SSL CA roots" by setting ssl_client_ca_file sounds kinda crazy.
>> Sounds like setting a file instead.  So that bit of documentation should
>> be treated as rather suspect.
>>
>> Regards,
>> Andrew
>
> In some environments, root certs are stored in a hashed directory, in 
> other environments they're stored in one file.  One would typically 
> use one setting or the other.
>
> I think ssl_client_ca_file was implemented later than 
> ssl_client_ca_dir. The comment just needs to be updated.
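
The distinction drawn in the quoted discussion (hashed directory versus single bundle file) can be checked on disk before choosing a setting. The script below is an added example, not part of the original thread or of Dovecot; the function name `dovecot_ca_setting` and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example: pick the Dovecot client CA setting that matches how a
# trust store is laid out on disk. The function name is hypothetical.
# Usage: dovecot_ca_setting /etc/ssl/certs

# Prints one config line on stdout; returns non-zero if the path is unusable.
dovecot_ca_setting() {
    path=$1
    if [ -d "$path" ]; then
        # A hashed directory holds entries named <8 hex digits>.<n>,
        # as created by c_rehash / `openssl rehash`.
        for entry in "$path"/*; do
            case ${entry##*/} in
                [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                    printf 'ssl_client_ca_dir = %s\n' "$path"
                    return 0 ;;
            esac
        done
        # Certificates may be present, but without hash-named entries
        # a directory lookup by subject hash will find nothing.
        echo "error: $path is a directory without hash-named entries" >&2
        return 2
    elif [ -f "$path" ]; then
        # A bundle is one file with concatenated PEM certificates.
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$path"; then
            printf 'ssl_client_ca_file = %s\n' "$path"
            return 0
        fi
        echo "error: $path contains no PEM certificate" >&2
        return 3
    fi
    echo "error: $path does not exist" >&2
    return 1
}
```

The printed line can be compared with what `doveconf -n` reports for the running configuration.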


