On Mon, 2005-04-25 at 09:49 -0600, Dax Kelson wrote: > On Mon, 2005-04-25 at 15:55 +0100, Joe Orton wrote: > > No application should contain hard-coded references to the ca-bundle.crt > > filename in the first place, they should obtain it at run-time via > > X509_get_default_cert_file() or if possible just use > > SSL_CTX_set_default_verify_paths() - can you file bugs on that? > > > > Regards, > > > > joe > > In Saturday's rawhide changelog I read: > > dovecot-0.99.14-4.fc4 > --------------------- > * Fri Apr 22 2005 John Dennis <jdennis@xxxxxxxxxx> - 0.99.14-4.fc4 > - openssl moved its certs, CA, etc. from /usr/share/ssl to /etc/pki > > Does this mean that dovecot was hard-coding references too? It uses the paths for different purpose - storing the server's key + certificate - so the rule above doesn't apply. > BTW, I know that there is a *lot* of documentation out there that > references the "old" path, /usr/share/ssl. Unfortunately it isn't > possible for documentation to use SSL_CTX_set_default_verify_paths(). :) Good point! -- Tomas Mraz <tmraz@xxxxxxxxxx>
