On 21/09/15 17:28, Alex Bulan wrote:
> The result is the same with or without "<" before the file path. With
> "<" the inode atime is updated at Dovecot startup, so the file is at
> least opened, but Dovecot still can't verify the cert.
>
> The only place in the Wiki that shows an example of ssl_client_ca_file
> is on this page, and there's no "<" in front of the file path:
>
> http://wiki2.dovecot.org/Replication
>
> (quote)
> The client must be able to verify that the SSL certificate is valid, so
> you need to specify the directory containing valid SSL CA roots:
>
> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu
> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat
> (end quote)
>
Suggesting that on Redhat you should specify "the directory containing valid SSL CA roots" by setting ssl_client_ca_file sounds kinda crazy. Sounds like setting a file instead. So that bit of documentation should be treated as rather suspect.

Regards,
Andrew
