Upgrading to v2.3.X breaks ssl san?

Aki Tuomi aki.tuomi at open-xchange.com
Fri Aug 9 14:50:03 EEST 2019


On 8.8.2019 21.31, Hauke Fath via dovecot wrote:
> On Wed, 7 Aug 2019 20:24:13 +0300 (EEST), Aki Tuomi via dovecot wrote:
>>> i thought ssl_ca is where to put the intermediate cert?
> Well, it surely worked that way until v2.3...
>
>> (Sorry for duplicate mail, keyboard acted up...)
>>
>> No, that has always been a mistake and it was fixed in 2.3. Our SSL 
>> pages in documentation & wiki have always recommended concatenating 
>> the intermediates with the cert.
> Aki, after the issue came up last time 
> <http://dovecot.2317879.n4.nabble.com/dovecot-2-2-openssl-1-0-vs-dovecot-2-3-openssl-1-1-1-ssl-regression-tt65322.html#none>, 
> you appeared to have changed your mind? What happened?
>
> Cheerio,
> Hauke
>

I don't see any change of mind here.

As you can see in the quote you mentioned,

> > Including ssl_ca with cert is not actually a good idea, but perhaps
this should
> > indeed be mentioned in the upgrading page. Not a regression in any
case.

Aki


More information about the dovecot mailing list