-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
fgang Hennerbichler schrieb:
> On 15.11.2006, at 00:59, Phil Pennock wrote:
>
>> I'm open to more feature requests.
>
> Well, here is one.
> For self-signed certificates I get the error
> STARTTLS promotion failed: SSL connect attempt failed with unknown
> errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed
>
> it would be great to add a --noverify option for TLS, for self-signed
> certificates.
could you test the following change:
my %ssl_options = (
SSL_version => 'TLSv1',
SSL_cipher_list => 'ALL:!NULL:!LOW:!EXP:!ADH:@STRENGTH',
SSL_verify_mode => 0x01,
SSL_ca_path => '/etc/ssl/certs',
SSL_ca_file => '</path/to/self/signed/server/cert.pem>',
);
(with slightly modified SSL_ca_file parameter ;-) )
Bye
Goetz
- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFWvun2iGqZUF3qPYRAiUbAJ9ZslRWww6+tuipmdCLm3RAoUW6XQCfRTdi
wi0znXml+CSqOLMXmrsszXA=
=W4kK
-----END PGP SIGNATURE-----
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
