> On June 1, 2017 at 1:42 PM Ralf Hildebrandt <ralf.hildebra...@charite.de>
> wrote:
>
>
> * Aki Tuomi <aki.tu...@dovecot.fi>:
>
> > > > So I added
> > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
> > > >
> > > > But alas:
> > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in
> > > > /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by
> > > > ssl_ca = <file
> > > >
> > > > Gnarf! As you can see I do HAVE ssl_ca in my doveconf -n output!
> > > >
> > > > ssl_ca = </etc/ssl/certs/ca-certificates.crt
> > > >
> > > > So what gives?
> > >
> > > It seems to be similar to:
> > > https://www.dovecot.org/pipermail/dovecot/2017-March/107488.html
> > >
> > > "Can't verify remote server certs without trusted CAs (ssl_client_ca_*
> > > settings)"
> > >
> > > --
> > > Ralf Hildebrandt
> > > Geschäftsbereich IT | Abteilung Netzwerk
> > > Charité - Universitätsmedizin Berlin
> > > Campus Benjamin Franklin
> > > Hindenburgdamm 30 | D-12203 Berlin
> > > Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
> > > ralf.hildebra...@charite.de | https://www.charite.de
> > >
> >
> > Hi.
> >
> > passdb imap was changed to verify remote SSL cert by default (yeah, it
> > kinda didn't do this before). It requires a ssl_ca_file or ssl_ca_dir
> > setting in args. Or you can disable this behaviour with
> > allow_invalid_cert.
>
> I did specify "ssl_ca_file", but then dovecot said "ssl_ca_file has been
> replaced by ssl_ca = <file" -- so I used that and it wouldn't work
> either!
>
> --
> Ralf Hildebrandt
I ment
passdb {
driver = imap
args = ... ssl_ca_file=/path/to/ca
}
Aki
