On Saturday 27 July 2013, Ruediger Meier wrote:
On Saturday 27 July 2013, Freek de Kruijf wrote:
Op vrijdag 26 juli 2013 09:09:02 schreef Ludwig Nussel:
I'm currently working on that for 13.1¹. Applications are expected to call SSL_CTX_set_default_verify_paths() resp gnutls_x509_trust_list_add_system_trust() to make them use the system certificate store. No package should hardcode /etc/ssl/certs or any bundle file anymore. NSS applications like Firefox need no change. Just install p11-kit-nss-trust instead of mozilla-nss-certs.
Postfix used to have in main.cf two parameters with CApath in it to point to these certs. Now these parameters do not have a value. Should these parameters be replaced by new parameters to indicate the use of the above routine in Postfix?
I've also thought about it already. Actually there are 3 *CApath vars: lmtp_tls_CApath smtp_tls_CApath smtpd_tls_CApath
Just noticed that maybe this might be enough: tls_append_default_CA = yes man 5 postconf cu, Rudi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org