--On Thursday, February 09, 2017 9:43 PM +0100 "A. Schulze" <sca@andreasschulze.de> wrote:

> that's not the issue. A TLS server sent its certificate and all intermediates EXCLUDING the self signed root to the client. This is not true for my setup and I don't know why: misconfiguration or wrong ssl implementation.

Sorry, reading back over your configuration, I don't believe it's valid to specify both a CA path and a CA directory. You can use one or the other.

From the man page:

    TLSCACertificatePath <path>
        Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used. This directive is not supported when using GnuTLS.

So it is not clear to me what happens if you use both. ;) I've certainly never tried that. Since you are using both, did you correctly "hash" the CA certs in the directory you pointed at?

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
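
The "hash" question above refers to OpenSSL's CA-directory lookup, which finds a CA through a file or link named after the certificate's subject hash (`<hash>.0`, `<hash>.1`, ...). The shell function below is an added example, not part of the original message: it audits such a directory for certificates without a matching hash link and for dangling links. `check_ca_dir` and the directory passed to it are hypothetical names, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: audit an OpenSSL-style CA directory (the kind that
# TLSCACertificatePath points at) for missing or broken hash links.
# check_ca_dir is a hypothetical helper; pass the CA directory as $1.

check_ca_dir() {
    dir=$1
    rc=0
    for cert in "$dir"/*.pem "$dir"/*.crt; do
        # Skip unmatched globs and anything that is not a regular file.
        if [ ! -f "$cert" ]; then continue; fi
        if ! hash=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null); then
            echo "UNREADABLE $cert"; rc=1; continue
        fi
        want=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
        found=no
        # Subjects that hash to the same value get .0, .1, .2, ...
        # so compare fingerprints, not just names.
        for link in "$dir/$hash".[0-9]*; do
            if [ ! -e "$link" ]; then continue; fi
            have=$(openssl x509 -in "$link" -noout -fingerprint -sha256 2>/dev/null)
            if [ "$have" = "$want" ]; then found=yes; break; fi
        done
        if [ "$found" = yes ]; then
            echo "OK       $hash $cert"
        else
            echo "MISSING  $hash.N for $cert"; rc=1
        fi
    done
    # Hash links whose target certificate no longer exists.
    for link in "$dir"/*.[0-9]*; do
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            echo "DANGLING $link"; rc=1
        fi
    done
    return $rc
}

# Usage: check_ca_dir /path/to/ca-directory   (path is a placeholder)
```

A non-zero return means at least one CA certificate in the directory cannot be found by hash lookup, or a hash link points at a file that is gone.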