STARTTLS on Cyrus IMAPd 2.3.11

Jorey Bump list at
Wed Mar 19 20:26:42 EDT 2008

Jorey Bump wrote, at 03/19/2008 06:41 PM:

> tls_ca_file: /etc/ssl/certs/local-ca-bundle.crt

This seems to be the cause of the problem. If I remove this setting, 
everything works as expected. Note that this didn't interfere on 2.3.7.

The entry in imapd.conf(5) isn't very illuminating:

   tls_ca_file: <none>
      File containing one or more Certificate Authority (CA)

Is this used for verifying client certificates? If so, why wouldn't it 
be possible to have it defined and still accept other means of 
authentication? What's changed about this parameter since 2.3.7?

Fortunately, I don't appear to need it, and can no longer remember why I 
defined it in the first place (unless it's needed for chained 
certificates or local CAs, which I once used on the 2.3.7 production 
machine, but switched to a single root certificate).

More information about the Info-cyrus mailing list