Manuel Pégourié-Gonnard:
> Hi,
>
> I'm afraid I don't understand what the directive smtp_tls_CAfile does
> exactly. According to postconf(5),
>
> > smtp_tls_CAfile (default: empty)
> > The file with the certificate of the certification authority (CA) that
> > issued the Postfix SMTP client certificate. This is needed only when
> > the CA certificate is not already present in the client certificate
> > file.
>
> So this should not be used to verify a server's certificate. In
> practice, if the file pointed to by smtp_tls_CAfile is a concatenation
> of CA's certificates, then they are all used to verify the server's
> certificate.
>
> OTOH, server certificate verification should be done against
> certificates in the directory indicated by smtp_tls_CApath. For some

That is smtpd_tls_CApath (or smtpd_tls_CAfile).

Wietse

> reason, I didn't manage to get it working (and yes, I ran c_rehash on
> this directory).
>
> Has someone any idea why I can't get this directive working?
>
> My servers are finally working as I want wrt TLS, but I feel very
> uncomfortable with this situation: the directive which should do the job
> according to the manual doesn't work, and the directive which shouldn't do
> it, does it.
>
> Did I misunderstand something in the manual? If not, may I suggest
> updating either the manual or the code so that they match?
>
> Thanks,
> Manuel.
>
>