Problems installing ssl certificate for cyrus imap
Ken Murchison
ken at oceana.com
Tue Sep 27 08:25:39 EDT 2005
David Carter wrote:
> On Mon, 26 Sep 2005, Nicole Skyrca wrote:
>
>> The certificate that we purchased has an intermediate certificate.
>
>
> I'm afraid that this is likely to be a problem.
>
> Cyrus (imap/tls.c) uses SSL_CTX_use_certificate_file() rather than the
> more advanced SSL_CTX_use_certificate_chain_file() to set up its
> certificate. My experience with other applications is that you need to
> use the _chain_ version in order for chained certificates to work.
>
> Given that the two functions can be used interchangably, Cyrus should
> probably be using SSL_CTX_use_certificate_chain_file(). The SSL manual
> page for the two functions certainly recommends this.
David, could you open up a bug report to this extent?
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus
mailing list