postfix-users@postfix.org

Re: Issues with tls_append_default_CA and *_tls_CApath Artemy Tregubenko Sun Feb 19 09:00:28 2012

On Sun, 19 Feb 2012 17:10:50 +0100, Wietse Venema <[EMAIL PROTECTED]> wrote:

> As per the documentation, Postfix APPENDS to certificates in *CApath
> or *CAfile. If you don't specify certificates in *CApath and *CAfile,
> then Postfix won't append to them.

Could you add this sentence to the documentation: "If you don't specify certificates in *CApath and *CAfile, then Postfix won't append to them."? It's likely there're other people who can misinterpret "APPENDS" the way I did.

Reflecting on why I misinterpreted it… This was caused by an optimistic approach. I expected there's a simple way to just start using certificates installed in a system. Adding one configuration option is simpler than adding two. I decided the list of certificates would be empty if I don't specify *CApath and *CAfile, and tls_append_default_CA would append default certificates to this empty list thus populating it. That would be simple and convenient. Now it appears that I have to go a bit less convenient way: specify the path to certs twice for smtp and smtpd.

Or maybe it's possible to make it simple?

--
Regards, Artemy
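
The misconfiguration discussed in this thread can be checked mechanically. The following is an added example, not part of the original message or of Postfix: a small lint that reads main.cf text and reports the services for which tls_append_default_CA is enabled but no *_tls_CApath or *_tls_CAfile is set, assuming the behaviour described in the quoted reply. The function names, the sample configuration and the /etc/ssl/certs path are constructed for illustration.

```python
# Added example: lint main.cf text for "tls_append_default_CA = yes" with
# nothing to append to. Assumes the behaviour stated in the thread: without
# *_tls_CApath / *_tls_CAfile, the system default CAs are not loaded.

def parse_main_cf(text):
    """Parse main.cf text into a dict; later settings override earlier ones."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0] in " \t" and name:      # leading whitespace continues a value
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        if "=" in raw:
            name, _, value = raw.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params


def services_without_ca(text):
    """Return the services (smtp, smtpd) where append has no effect."""
    p = parse_main_cf(text)
    if p.get("tls_append_default_CA", "no").lower() != "yes":
        return []                         # option off: nothing to report
    return [svc for svc in ("smtp", "smtpd")
            if not p.get(svc + "_tls_CApath")
            and not p.get(svc + "_tls_CAfile")]


# Constructed sample: the configuration the poster expected to be enough.
EXPECTED_TO_WORK = """\
# constructed sample main.cf fragment
tls_append_default_CA = yes
smtp_tls_security_level = may
"""

# Constructed sample: CA path given for both client (smtp) and server (smtpd).
# /etc/ssl/certs is an assumed location; use the system's own CA directory.
BOTH_SET = EXPECTED_TO_WORK + (
    "smtp_tls_CApath = /etc/ssl/certs\n"
    "smtpd_tls_CApath =\n"
    "  /etc/ssl/certs\n"
)

if __name__ == "__main__":
    for label, cfg in (("one option only", EXPECTED_TO_WORK),
                       ("paths set twice", BOTH_SET)):
        print(label, "->", services_without_ca(cfg) or "ok")
```

On a live system the same check can be run against the output of `postconf -n` instead of the file text.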