Re: Issues with tls_append_default_CA and *_tls_CApath

On Sun, 19 Feb 2012 17:10:50 +0100, Wietse Venema <[EMAIL PROTECTED]>  
wrote:

> As per the documentation, Postfix APPENDS to certificates in *CApath
> or *CAfile. If you don't specify certificates in *CApath and *CAfile,
> then Postfix won't append to them.

Could you add to documentation this sentence "If you don't specify  
certificates in *CApath and *CAfile, then Postfix won't append to them."?  
It's likely there're other people who can misinterpret "APPENDS" the way I  
did.

Reflecting on why I misinterpreted it… This was caused by optimistic  
approach. I expected there's a simple way to just start using certificates  
installed in a system. Adding one configuration option is simpler then  
adding two. I decided the list of certificates would be empty if I don't  
specify *CApath and *CAfile, and  tls_append_default_CA would append  
default certificates to this empty list thus populating it. That would be  
simple and convenient. Now it appears that I have to go a bit less  
convenient way: specify the path to certs twice for smtp and smtpd.

Or maybe it's possible to make it simple?

--
Regards, Artemy