STARTTLS on Cyrus IMAPd 2.3.11
Jorey Bump
list at joreybump.com
Wed Mar 19 20:26:42 EDT 2008
Jorey Bump wrote, at 03/19/2008 06:41 PM:
> tls_ca_file: /etc/ssl/certs/local-ca-bundle.crt
This seems to be the cause of the problem. If I remove this setting,
everything works as expected. Note that this didn't interfere on 2.3.7.
The entry in imapd.conf(5) isn't very illuminating:
tls_ca_file: <none>
File containing one or more Certificate Authority (CA)
certificates.
Is this used for verifying client certificates? If so, why wouldn't it
be possible to have it defined and still accept other means of
authentication? What's changed about this parameter since 2.3.7?
Fortunately, I don't appear to need it, and can no longer remember why I
defined it in the first place (unless it's needed for chained
certificates or local CAs, which I once used on the 2.3.7 production
machine, but switched to a single root certificate).
More information about the Info-cyrus
mailing list