Re: Issues with tls_append_default_CA and *_tls

postfix-users@postfix.org

[Prev] Thread [Next] | [Prev] Date [Next]

Re: Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko Sun Feb 19 07:01:07 2012

On Sun, 19 Feb 2012 16:00:43 +0100, Wietse Venema <[EMAIL PROTECTED]>wrote:

Therefore, the Equifax certificate wasn't found with 'smtp_tls_CApath
= /etc/ssl/certs'. For CApath to work, you need to run a program
that sets up the necessary symlinks (named after a certificate hash)
that allow the OpenSSL library to find the corresponding certificate
files.

AFAIK, Ubuntu updates those symlinks automatically. Also, while debuggingthe issue I manually ran `c_rehash /etc/ssl/certs` several times.

To investigate, you can strace the SMTP daemon (see DEBUG_README.html)
and see what system calls fail. That will also show whether you
correctly followed instructions to turn of the chroot feature.


Thanks for the tip, I will try that.

--
Regards, Artemy

Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko 2012/02/19

Re: Issues with tls_append_default_CA and *_tls_CApath Wietse Venema 2012/02/19

Re: Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko 2012/02/19

Re: Issues with tls_append_default_CA and *_tls_CApath Wietse Venema 2012/02/19

Re: Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko 2012/02/19 <=

Re: Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko 2012/02/19

Re: Issues with tls_append_default_CA and *_tls_CApath Wietse Venema 2012/02/19
Re: Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko 2012/02/19
Re: Issues with tls_append_default_CA and *_tls_CApath Wietse Venema 2012/02/19
Re: Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko 2012/02/19
Re: Issues with tls_append_default_CA and *_tls_CApath Wietse Venema 2012/02/19
Re: Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko 2012/02/19