On Mon, 2018-10-15 at 16:57 -0700, Claus Assmann wrote:
> Please tell whoever is responsible for that default to fix it.

I will do that.

> The certs should be in CACertPath if at all.

Nothing to do with openssl, but for sendmail, suppose we have

O CACertFile=/etc/pki/tls/certs/one-ca-certificate.pem
O CACertPath=/etc/pki/tls/certs
O ServerCertFile=/etc/pki/tls/certs/sendmail.pem

where one-ca-certificate.pem is the certificate of the CA that signed the sendmail.pem certificate, and /etc/pki/tls/certs/ca-bundle.crt contains many CA certificates that we want to use for certificate validation.

https://www.sendmail.org/~ca/email/starttls.html

I presume that means we need to split this ca-bundle.crt into 150 separate files, and compute hashes for each, with another 150 symbolic links. Is that true, or am I missing some shortcut?
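
The split-and-hash procedure the message describes, as an added example that is not part of the original post or of sendmail/OpenSSL: it splits a PEM bundle into one file per certificate and creates the subject-hash symlinks that a hashed CA directory uses. The function names, the cert-NNN.pem naming and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example: build a hashed CA directory from a PEM bundle.
# Function names and the cert-NNN.pem naming are hypothetical.

# Split every CERTIFICATE block of bundle $1 into $2/cert-NNN.pem and
# print how many were written. Text between blocks is skipped.
split_bundle() {
    bundle=$1 outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1
        }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# Create <subject-hash>.<n> symlinks for each cert-*.pem in directory $1.
# Old hash links are removed first so the function can be re-run safely.
# The c_rehash script or "openssl rehash" (OpenSSL 1.1.0+) do this step too.
link_hashes() {
    dir=$1
    for l in "$dir"/*.[0-9]*; do
        if [ -L "$l" ]; then rm -f "$l"; fi
    done
    for f in "$dir"/cert-*.pem; do
        [ -f "$f" ] || continue
        h=$(openssl x509 -hash -noout -in "$f") || {
            echo "skipping unparsable file: $f" >&2
            continue
        }
        # Two CAs with the same subject share a hash; bump the suffix.
        i=0
        while [ -e "$dir/$h.$i" ] || [ -L "$dir/$h.$i" ]; do
            i=$((i + 1))
        done
        ln -s "$(basename "$f")" "$dir/$h.$i"
    done
}

# Usage (output directory is a hypothetical scratch location):
#   split_bundle /etc/pki/tls/certs/ca-bundle.crt /tmp/ca-dir
#   link_hashes /tmp/ca-dir
```

Building the directory in a scratch location first lets the result be inspected before any CACertPath setting is pointed at it.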