Disable client authentication with certificates
Wolfgang Breyha
wbreyha at gmx.net
Tue Dec 10 11:12:48 EST 2013
Stefan Gofferje wrote, on 10.12.2013 16:33:
> Maybe the existing options could just be extended, like in the Postfix
> setting for TLS, e.g.
>
> tls_imap_require_cert: no|ask|require

Changing the way existing options work and breaking compatibility with
existing configurations is most likely not the best idea ;-)

> I think, having logical options which are clear to the admin are better
> than some implicit consequences which are not bilaterally logical.
> I don't know if I express this right/understandable :).

Adding a new option is easy. Done in 30 minutes. I can do it if an official dev
says it makes sense and will be added... but I haven't gotten any answers from Bron
for a very long time now. So I'm pushing the patches I use myself locally to
bugzilla, waiting for a response.

> The background is that a bunch of TLS tutorials on the web include
> configuring the CA but not explaining in detail why, so an inexperienced
> admin could assume that he should put the CA certificate for the server
> cert's CA there.

TLS tutorials for cyrus-imapd including tls_ca_path/file by default? Most
likely to get rid of the debug warnings.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha at gmx.net> | http://www.blafasel.at/
Vienna University Computer Center | Austria