On 01/02/2018 5:59 pm, Viktor Dukhovni wrote:
> This both loads the default CAfile and sets up the default CApath, so
> we don't yet know whether your CApath directory is fully prepared or
> not... So now you could try reverting to:
>
> tls_append_default_CA = no
> smtpd_tls_CApath = /etc/pki/tls/certs
>
> which should work if the above directory has the expected symlinks.
> Otherwise, you could run "c_rehash" to make it so. That'll save
> each smtpd(8) process the (probably small) cost of loading all the
> CAs at startup.
>

smtpd_tls_CApath is already set to that directory, and all files are bundles, including many cacerts in the one file. Bill Cole posted a means of separating these, I might have a go at that later (can't find c_rehash anywhere but do have csplit available)
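
The preparation discussed in this message (one certificate per file, plus the hash-named symlinks that c_rehash would create), as an added example that is not part of the original message and is not Postfix or OpenSSL code. The function names, the `cert-NNN.pem` naming and the paths in the usage comment are assumptions, and the `openssl` command-line tool must be installed for the linking step.

```shell
#!/bin/sh
# Added example; function names and file naming are assumptions.

# split_bundle BUNDLE OUTDIR
# Write each certificate of a PEM bundle to OUTDIR/cert-NNN.pem, dropping
# any text between certificates. Prints the number of files written.
split_bundle() {
    bundle=$1 outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ {
            n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1
        }
        inside { print > (out) }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# hash_links DIR
# For every DIR/cert-*.pem create the <subject-hash>.<n> symlink that an
# OpenSSL CApath lookup expects. The hash comes from the local openssl,
# so it matches the format the local library searches for. Files that
# openssl cannot parse are skipped. Prints the number of links created.
hash_links() {
    dir=$1 made=0
    for pem in "$dir"/cert-*.pem; do
        [ -f "$pem" ] || continue
        h=$(openssl x509 -noout -hash -in "$pem" 2>/dev/null) || continue
        [ -n "$h" ] || continue
        i=0
        while [ -e "$dir/$h.$i" ]; do
            # Identical file already linked under this hash: nothing to do.
            cmp -s "$pem" "$dir/$h.$i" && continue 2
            i=$((i + 1))   # same subject hash, different cert: next suffix
        done
        ln -s "$(basename "$pem")" "$dir/$h.$i" && made=$((made + 1))
    done
    echo "$made"
}

# Usage (placeholder paths): build the directory somewhere scratch first,
# inspect it, then point smtpd_tls_CApath at it.
#   split_bundle /path/to/ca-bundle.crt /path/to/scratch/certs
#   hash_links /path/to/scratch/certs
```
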