Re: pkg/52918: mail/dovecot does not supply intermediate CA certs

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost,Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
Subject: Re: pkg/52918: mail/dovecot does not supply intermediate CA certs
From: Filip Hajny <filip%joyent.com@localhost>
Date: Thu, 11 Jan 2018 16:25:00 +0000 (UTC)

The following reply was made to PR pkg/52918; it has been noted by GNATS.

From: Filip Hajny <filip%joyent.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: pkg/52918: mail/dovecot does not supply intermediate CA certs
Date: Thu, 11 Jan 2018 17:20:50 +0100

 > ssl_cert =3D </etc/openssl/certs/server.cert
 > ssl_key =3D </etc/openssl/private/server.key
 > ssl_ca =3D </etc/openssl/certs/ca-cert-chain.pem

 The way I understand the docs, ssl_ca was intended for client =
 certificate authentication only. In my years old config file, I still =
 have the original upstream comment that says

 "PEM encoded trusted certificate authority. Set this only if you intend =
 to use ssl_verify_client_cert=3Dyes.=E2=80=9D

 And I have always bundled my CA intermediate certificates with the one =
 specified using ssl_cert, because that worked for me in the past.

 I=E2=80=99d wait for a confirmation from upstream, it doesn=E2=80=99t =
 feel like a reason to roll back though.

 -F=

Prev by Date: Re: pkg/52918: mail/dovecot does not supply intermediate CA certs
Next by Date: Re: pkg/52921 (cross/cross-libtool-base/PLIST is broken)
Previous by Thread: Re: pkg/52918: mail/dovecot does not supply intermediate CA certs
Next by Thread: Re: pkg/52921 (cross/cross-libtool-base/PLIST is broken)
Indexes:

Home | Main Index | Thread Index | Old Index