On Sun, 19 Feb 2012 16:00:43 +0100, Wietse Venema <[email protected]>
wrote:
To investigate, you can strace the SMTP daemon (see DEBUG_README.html)
and see what system calls fail. That will also show whether you
correctly followed instructions to turn of the chroot feature.
Thanks to strace I figured out that
1) Postfix was trying to open correct certificate
2) These attempts failed because of chroot
3) In first attempt to disable chroot I disabled it on wrong process
4) With chroot disabled postfix doesn't complain about certificate
validation if I set 'smtp_tls_CApath = /etc/ssl/certs'
5) However without 'smtp_tls_CApath = /etc/ssl/certs' certificate
validation still fails despite tls_append_default_CA = yes
Is tls_append_default_CA expected to work when none of *CApath and *CAfile
are set?
--
Regards, Artemy
