Steffen Nurpmeso wrote in <20220609205550.kbvci%stef...@sdaoden.eu>:
...
|.. But .. in fact postfix's TLS configuration regarding CAfile
|made me appear so foolish i kept
|
|  # That one is for client certificates!
|  #smtpd_tls_CAfile = /etc/dovecot/cert.pem
|
|in my configuration. I cannot tell no more what i expected.
|I think it would be that _CAfile points to the usual crypto lib
|(or .. you know) delivered CA-certificates aka trusted CAs, and that client
|certificates are treated specially. (Like the former via, hm,
|SSL_CTX_load_verify_locations(), but then making a difference for
|permit_tls_clientcerts. I really had to look very deeply now for
|whether this is realizable like that.)

Of course i never had the coolness to use a self-signed
certificate on the server. Which explains that a bit.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)