[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS verify errors

--On Thursday, August 16, 2007 2:42 PM +0200 Hallvard B Furuseth <h.b.furuseth@usit.uio.no> wrote:

Quanah Gibson-Mount writes:
TLS_CACERT /opt/zimbra/conf/ca/ca.pem
If I change it to TLS_CACERTDIR and adjust to a path, (...)

If I remember correctly TLS_CACERTDIR needs to be set up with some OpenSSL magic, it's not just a directory into which you can drop certificate files. Maybe the reverse is true as well, and a cert from a TLS_CACERTDIR does not work in TLS_CACERT.

Thank you both for your responses. Interestingly enough, slapd will start, and STARTTLS will work, if I create the hash and use TLSCACERTDIR.

However, why won't it work if I use TLS_CACERT <file> ? It should be perfectly valid, and that actually works for me on every other platform I use (Linux). The only one where this doesn't work is on MAC OS X. Must be a Mac specific bug I guess.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration