On Sun, 19 Feb 2012 17:10:50 +0100, Wietse Venema <wie...@porcupine.org>
wrote:
As per the documentation, Postfix APPENDS to certificates in *CApath
or *CAfile. If you don't specify certificates in *CApath and *CAfile,
then Postfix won't append to them.
Could you add to documentation this sentence "If you don't specify
certificates in *CApath and *CAfile, then Postfix won't append to them."?
It's likely there're other people who can misinterpret "APPENDS" the way I
did.
Reflecting on why I misinterpreted it… This was caused by optimistic
approach. I expected there's a simple way to just start using certificates
installed in a system. Adding one configuration option is simpler then
adding two. I decided the list of certificates would be empty if I don't
specify *CApath and *CAfile, and tls_append_default_CA would append
default certificates to this empty list thus populating it. That would be
simple and convenient. Now it appears that I have to go a bit less
convenient way: specify the path to certs twice for smtp and smtpd.
Or maybe it's possible to make it simple?
--
Regards, Artemy
