Loading...

postfix-users@postfix.org

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko Sun Feb 19 07:01:07 2012

On Sun, 19 Feb 2012 16:00:43 +0100, Wietse Venema <[EMAIL PROTECTED]> wrote:

Therefore, the Equifax certificate wasn't found with 'smtp_tls_CApath
= /etc/ssl/certs'. For CApath to work, you need to run a program
that sets up the necessary symlinks (named after a certificate hash)
that allow the OpenSSL library to find the corresponding certificate
files.

AFAIK, Ubuntu updates those symlinks automatically. Also, while debugging the issue I manually ran `c_rehash /etc/ssl/certs` several times.

To investigate, you can strace the SMTP daemon (see DEBUG_README.html)
and see what system calls fail. That will also show whether you
correctly followed instructions to turn of the chroot feature.

Thanks for the tip, I will try that.

--
Regards, Artemy