Goetz Babin-Ebell wrote, at 11/13/2008 03:57 PM:
> If you don't want to do client authentication, why do you set
> tls_ca_file at all ?
Hmm, I do it to suppress these errors:
TLS server engine: cannot load CA data
Setting tls_ca_file to a properly formatted bundle suppresses the error,
but now i'm wondering if that's a good idea. Will this expose my server
in any way? I don't see how, but the documentation (and error) is very
sparse:
tls_ca_file: <none>
File containing one or more Certificate Authority (CA) certificates.
There's no mention of client certificate authentication.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
