Re: sendmail, openssl 1.1.1, tls1.3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Mon, 2018-10-15 at 16:57 -0700, Claus Assmann wrote:
> Please tell whoever is responsible for that default to fix it.

I will do that.

> The certs should be in CACertPath if at all.

Nothing to do with openssl, but for sendmail, suppose we have

O CACertFile=/etc/pki/tls/certs/one-ca-certificate.pem
O CACertPath=/etc/pki/tls/certs
O ServerCertFile=/etc/pki/tls/certs/sendmail.pem

where one-ca-certificate.pem is the certificate of the CA that signed
the sendmail.pem certificate, and /etc/pki/tls/certs/ca-bundle.crt
contains many CA certificates that we want to use for certificate
validation.

https://www.sendmail.org/~ca/email/starttls.html

I presume that means we need to split this ca-bundle.crt into 150
separate files, and compute hashes for each, with another 150 symbolic
links. Is that true, or am I missing some shortcut?



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAlvFWT8ACgkQL6j7milTFsHnswCdElJTGjCGao0n4xWqWB2nb2Bn
HyUAnj17PT/b/x26P4WGGD4TTq6Mjvuc
=O8T0
-----END PGP SIGNATURE-----


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux