TLS: unable to get certificate ...

Wesley Craig wes at umich.edu
Sat Apr 12 14:17:06 EDT 2008


 From the article:
> I’ve *finally* discovered why my IMAP server no longer likes my  
> self-signed certificates. The certificates are just fine. Cyrus is  
> just fine. It’s OpenSSL that’s the problem - Bug 1513 to be exact.


> Cyrus calls SSL_CTX_use_certificate_chain_file() to read in the  
> certificate file, but in my case, since I don’t have CA data set,  
> an earlier function returns an error, so the  
> SSL_CTX_use_certificate_chain_file() function also returns an  
> error, even though the certificate and key are just fine.


What does that buy you?  Why not set the cert as the CA, since that  
is the meaning of "self-signed certificate"?

:wes

On 12 Apr 2008, at 12:33, brian wrote:
> That's what I was wondering, also, after coming across this last  
> night:
> http://weblog.elwing.org/elwing/index.php/archive/2007/07/18/cyrus- 
> imap-and-certificates/



More information about the Info-cyrus mailing list