> On May 31, 2017 at 6:10 PM Ralf Hildebrandt <ralf.hildebra...@charite.de> > wrote: > > > * Ralf Hildebrandt <ralf.hildebra...@charite.de>: > > > So I added > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > But alas: > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in > > /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca > > = <file > > > > Gnarf! As you can see I do HAVE ssl_ca in my doveconf -n output! > > > > ssl_ca = </etc/ssl/certs/ca-certificates.crt > > > > So what gives? > > It seems to be similar to: > https://www.dovecot.org/pipermail/dovecot/2017-March/107488.html > > "Can't verify remote server certs without trusted CAs (ssl_client_ca_* > settings)" > > -- > Ralf Hildebrandt > Geschäftsbereich IT | Abteilung Netzwerk > Charité - Universitätsmedizin Berlin > Campus Benjamin Franklin > Hindenburgdamm 30 | D-12203 Berlin > Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 > ralf.hildebra...@charite.de | https://www.charite.de >
Hi. passdb imap was changed to verify remote SSL cert by default (yeah, it kinda didn't do this before). It requires a ssl_ca_file or ssl_ca_dir setting in args. Or you can disable this behaviour with allow_invalid_cert. Aki
