On Thu, Feb 11, 2021 at 05:04:24PM +, bitozoid wrote:
> > It can also contain intermediate CA certificates. Storing non-root CAs
> > carries a risk that they may expire before you remove them, and then
> > they may take precedence over non-expired intermediate CA certs that the
> > remote pee
On Thu, Feb 11, 2021 at 4:49 PM Viktor Dukhovni
wrote:
>
> On Thu, Feb 11, 2021 at 02:51:02PM +, bitozoid wrote:
>
> > As of today, doc says for 'smtp_tls_CAfile':
> >
> > "A file containing CA certificates of root CAs trusted to sign either
> > remote SMTP server certificates or intermediate
On Thu, Feb 11, 2021 at 02:51:02PM +, bitozoid wrote:
> As of today, doc says for 'smtp_tls_CAfile':
>
> "A file containing CA certificates of root CAs trusted to sign either
> remote SMTP server certificates or intermediate CA certificates."
It can also contain intermediate CA certificates.
On 11.02.21 14:51, bitozoid wrote:
>As of today, doc says for 'smtp_tls_CAfile':
>
>"A file containing CA certificates of root CAs trusted to sign either
>remote SMTP server certificates or intermediate CA certificates."
>
>and for 'smtp_tls_CApath':
>
>"Directory with PEM format Certification Aut
On Thu, Feb 11, 2021 at 3:11 PM Matus UHLAR - fantomas
wrote:
> On 11.02.21 14:51, bitozoid wrote:
> >As of today, doc says for 'smtp_tls_CAfile':
> >
> >"A file containing CA certificates of root CAs trusted to sign either
> >remote SMTP server certificates or intermediate CA certificates."
> >
On 11.02.21 14:51, bitozoid wrote:
As of today, doc says for 'smtp_tls_CAfile':
"A file containing CA certificates of root CAs trusted to sign either
remote SMTP server certificates or intermediate CA certificates."
and for 'smtp_tls_CApath':
"Directory with PEM format Certification Authority
Victor Duchovni a écrit :
>> I don't think it is. I would otherwise not be able to find the file
>> indicated by smtp_tls_CAfile.
>
> No, this file is loaded into memory before smtp(8) enters the chroot
> jail, while smtp_tls_CApath is accessed post-jail.
>
Ok, I didn't know. I can see you made i
On Wed, Feb 25, 2009 at 05:19:48PM +0100, Manuel P?gouri?-Gonnard wrote:
> >> OTOH, server certificate verification should be done against
> >> certificates in the directory indicated by smtp_tls_CApath. For some
> >> reason, I didn't manage to get it working (and yes, I ran c_rehash on
> >> this
We're still taking documentation fixes for Postfix 2.6...
Wietse
Victor Duchovni a écrit :
>> So this should not be used to verify a server's certificate. In
>> practice, if the file pointed to by smtp_tls_CAfile is a concatenation
>> of CA's certificates, then they are all used to verify the server's
>> certificate.
>
> Yes, smtp_tls_CAfile is used to verify s
On Wed, Feb 25, 2009 at 02:14:40PM +0100, Manuel P?gouri?-Gonnard wrote:
> I'm afraid I don't understand what the directive smtp_tls_CAfile does
> exactly. According to postconf(5),
>
> > smtp_tls_CAfile (default: empty)
> > The file with the certificate of the certification authority (CA) tha
Manuel P?gouri?-Gonnard:
> Hi,
>
> I'm afraid I don't understand what the directive smtp_tls_CAfile does
> exactly. According to postconf(5),
>
> > smtp_tls_CAfile (default: empty)
> > The file with the certificate of the certification authority (CA) that
> > issued the Postfix SMTP client
12 matches
Mail list logo