Hello Paul,

Paul Pruett wrote:
> I hacked some variations on the files trying to get imap applications to
> realize the root was not the cert for registerfly, but the cert that
> registerfly gave me, and then use server key for that cert...
> but it seems that from the log I cannot get the TLS engine to pick
> the right cert to find key for.
>
> OR I just do not know how to configure for a Chained Certificate of
> Authority.

try the following patch:

- --- cyrus-imapd-2.2.12/imap/tls.c 2004-05-04 21:47:34.000000000 +0200 +++ cyrus-imapd-2.2.12-new/imap/tls.c 2006-11-12 15:28:05.000000000 +0100 @@ -357,8 +357,8 @@ const char *cert_file, const char *key_file) { if (cert_file != NULL) { - - if (SSL_CTX_use_certificate_file(ctx, cert_file, - - SSL_FILETYPE_PEM) <= 0) { + if (SSL_CTX_use_certificate_chain_file(ctx, cert_file, + SSL_FILETYPE_PEM) <= 0) { syslog(LOG_ERR, "unable to get certificate from '%s'", cert_file); return (0); }

and the cert file must contain:
1. your server cert
2. the intermediate (chain) CA cert(s) (in the order lowest cert to top level cert)
3. the root cert (optionally)
in that order.

This requires openssl >= 0.97.

Bye
Goetz
-- 
DMCA: The greed of the few outweighs the freedom of the many

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
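
Review bot: in the tls.c hunk at @@ -357,8, the new call keeps the third argument of the old one, `SSL_CTX_use_certificate_chain_file(ctx, cert_file, SSL_FILETYPE_PEM)`, but OpenSSL declares this function with only the context and the file name (the file is always read as PEM), so the `+` lines will not compile as written. Drop `SSL_FILETYPE_PEM` from the call and keep the `<= 0` check. Since the file now has to hold a whole chain, the syslog text "unable to get certificate from '%s'" could also say "certificate chain", which makes a mis-ordered or incomplete bundle easier to spot in the log.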
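
The file order given in the message (server cert, then intermediates from lowest to top level, then optionally the root) can be checked before the server is restarted. This is an added example, not part of the original message or of Cyrus; the function names, file names and certificate names are assumptions made for illustration, and it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example (not from the original message). Checks issuer/subject name
# chaining only; it does not verify signatures or validity dates.

# check_chain_order FILE: 0 = ordered leaf -> ... -> root, 1 = out of order,
# 2 = no certificate found in FILE.
check_chain_order() {
    dir=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, preserving file order.
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { f = sprintf("%s/%03d.pem", d, ++n) }
                     f { print > f }' "$1"
    prev_issuer="" rc=0
    for c in "$dir"/*.pem; do
        [ -f "$c" ] || { rc=2; break; }
        subj=$(openssl x509 -in "$c" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        iss=$(openssl x509 -in "$c" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        # Each certificate must be the issuer of the one before it.
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subj" ]; then
            echo "out of order: expected '$prev_issuer' next, found '$subj'" >&2
            rc=1; break
        fi
        prev_issuer=$iss
    done
    rm -rf "$dir"
    return "$rc"
}

# Constructed sample input: throwaway root, intermediate and server certs
# (all names made up), written to DIR as good.pem and bad.pem.
make_sample_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    issue() {  # issue NAME CN SIGNER
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
            -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
        openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.pem" -CAkey "$d/$3.key" \
            -CAcreateserial -days 1 -out "$d/$1.pem" 2>/dev/null
    }
    issue inter "Example Intermediate CA" root
    issue server "imap.example.test" inter
    cat "$d/server.pem" "$d/inter.pem" "$d/root.pem" > "$d/good.pem"  # order from the message
    cat "$d/server.pem" "$d/root.pem" "$d/inter.pem" > "$d/bad.pem"   # intermediate misplaced
}

# Usage: sh check_chain.sh /path/to/bundle.pem
if [ -n "${1:-}" ]; then check_chain_order "$1" && echo "chain order ok"; fi
```

A bundle that passes here can still fail at handshake time if a signature or expiry date is wrong; `openssl verify` covers those checks.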