https://bugzilla.novell.com/show_bug.cgi?id=700735
https://bugzilla.novell.com/show_bug.cgi?id=700735#c1
--- Comment #1 from Freek de Kruijf 2011-06-18 09:25:33 UTC ---
On the last issue about the certificate, I entered the following line in
main.cf which solved the problem:
smtp_tls_CApath = /etc/ssl/certs
It turns out that there is an issue with OpenSSL here. In case smtp_tls_CAfile
or smtp_tls_CApath is not empty the OpenSSL API is used to do the work. However
the default seems to be that OpenSSL uses the certs in /etc/ssl/certs anyway.
See the discussion on:
http://tech.groups.yahoo.com/group/postfix-users/message/266353
What I understood from the discussion is that it is better to copy the proper
certificates from the /etc/ssl/certs to the map /etc/postfix/certs and enter
/etc/postfix/certs as the value of the above smtp_tls_CApath parameter. However
one needs to to use a command c_hash (from /usr/share/ssl/misc/c_hash ?) to
generate hash entries in that map.
The above solution seems to be OK as long as the postfix daemon is not
configured to accept connections based on these certs.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
