Subject: openssl CA certs
To: None <tech-crypto@netbsd.org>
From: Wolfgang S. Rupprecht <wolfgang+gnus20030719T103746@wsrcc.com>
List: tech-crypto
Date: 07/19/2003 10:46:23

I just installed the postfix w. tls from pkgsrc.  What a nice hack.
Thanks to the folks that put in the work!

One thing that netbsd's postfix and/or openssl is missing out of the
box is a comprehensive set of CA certificates to validate the
host-level certs that postfix will get handed from the remote host.

I've started to put together a bundle of CA certs to feed to postfix.
Most of them came from "curl", but I've appended a few other CA certs
that I needed.  The file is in a format that postfix can use via:

    smtpd_tls_CAfile = /etc/openssl/certs/all-cacert.pem
    smtp_tls_CAfile = /etc/openssl/certs/all-cacert.pem

Is there enough interest to include something like this with netbsd?

    http://www.wsrcc.com/wolfgang/ftp/all-cacert.pem.gz

Yes, I know it is another file to maintain, but without it openssl
just can't validate the remote certifications.  Thoughts?

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
(NOTE: The email address above is valid. Edit it at your own peril.)
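
A CA bundle concatenated from several sources, as the message above describes, is worth a structural audit before a CAfile setting points at it. The following is an added example, not part of the original message or of postfix/openssl: the function names are hypothetical, the sample blocks are constructed placeholders rather than real certificates, and the check covers PEM/DER structure, duplicates and stray non-certificate blocks only (not signatures, expiry or trust).

```python
import base64
import hashlib
import re

# One PEM block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_length_ok(der):
    """True if der is a single DER SEQUENCE whose length field spans the blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def audit_bundle(text):
    """Report duplicates, non-certificate blocks and malformed entries (1-based)."""
    report = {"certs": 0, "duplicates": [], "non_cert_labels": [], "malformed": []}
    seen = {}                             # SHA-256 of DER -> first block index
    for idx, m in enumerate(PEM_BLOCK.finditer(text), 1):
        label, body = m.group(1), m.group(2)
        if label != "CERTIFICATE":        # e.g. a private key pasted by mistake
            report["non_cert_labels"].append((idx, label))
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:                # binascii.Error is a ValueError
            report["malformed"].append(idx)
            continue
        if not der_length_ok(der):        # truncated or padded entry
            report["malformed"].append(idx)
            continue
        fp = hashlib.sha256(der).hexdigest()
        if fp in seen:
            report["duplicates"].append((idx, seen[fp]))
        else:
            seen[fp] = idx
            report["certs"] += 1
    return report

def _pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample: tiny DER SEQUENCEs standing in for certificates.
_A, _B = bytes([0x30, 3, 2, 1, 1]), bytes([0x30, 3, 2, 1, 2])
SAMPLE_BUNDLE = (_pem("CERTIFICATE", _A) + _pem("CERTIFICATE", _B) +
                 _pem("CERTIFICATE", _A) + _pem("RSA PRIVATE KEY", b"\x30\x00") +
                 _pem("CERTIFICATE", _A[:-1]))
```

Running audit_bundle() over the text of a merged bundle file returns the report dictionary; any entry in non_cert_labels or malformed is a reason to rebuild the file before deploying it.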