[tpop3d-discuss]SSL CA Certificates

David Mitchell dmitchell at alphalink.com.au
Thu, 8 Jul 2004 10:05:12 +1000


Hi,

I had the same problem with a Comodo cert and managed to fix it by changing
one line in tls.c:

# diff tls.c.orig tls.c
86c86
<     if ((ret = SSL_CTX_use_certificate_file(ctx, certfile,
SSL_FILETYPE_PEM)) <= 0) {
---
>     if ((ret = SSL_CTX_use_certificate_chain_file(ctx, certfile)) <= 0) {
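Review bot: the replacement call on line 86 makes the order of certificates inside certfile significant, and nothing in the change documents that. SSL_CTX_use_certificate_chain_file expects the server's own certificate first, followed by any intermediate CA certificates, and it reads PEM only. I'd add that requirement to the listen-address documentation and mention it in the error reported when this call fails. The "<= 0" test still fits, since the new function also returns 1 on success.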

The listen-address line in my config is like so:

listen-address: 0.0.0.0(f.q.d.n);tls=immediate,/usr/local/ssl/certs/both.crt,/usr/local/ssl/certs/server.key

where "f.q.d.n" is the FQDN in your cert, "both.crt" is a certificate file
with your cert and Comodo's cert (in that order) and "server.key" is your
server's private key. Set other options as needed for your setup, obviously
:)

There are only two problems I've found with this fix so far. Eudora clients
still won't automatically trust the cert for some reason, but it works great
in every other client I've tried. Second issue is that the certs have to be
in PEM format, as chained certs don't work for DER format.

HTH,
Dave
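
A way to check a bundle like "both.crt" before pointing the server at it, as an added example that is not part of the original post or of tpop3d: it confirms the file is PEM and that each certificate is followed by its issuer. Assumptions: the function names are hypothetical, the two certificates are constructed stand-ins with just enough DER structure to parse, and names are compared byte for byte, which is a simplification.

```python
import base64, re

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(cert):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = tlv(cert, 0)               # Certificate ::= SEQUENCE
    _, pos, _ = tlv(cert, pos)             # tbsCertificate ::= SEQUENCE
    fields = []
    while len(fields) < 5:                 # serial, sigalg, issuer, validity, subject
        tag, _, end = tlv(cert, pos)
        if tag != 0xA0:                    # skip the optional [0] version
            fields.append(cert[pos:end])
        pos = end
    return fields[2], fields[4]

def check_bundle(data):
    """List problems that would stop a bundle working as a chain file."""
    blocks = PEM_CERT.findall(data)
    if not blocks:
        return ["no PEM certificate blocks (DER or empty file?)"]
    certs = [issuer_subject(base64.b64decode(b)) for b in blocks]
    problems = []
    for i in range(len(certs) - 1):
        if certs[i][0] != certs[i + 1][1]:  # issuer of cert i vs subject of cert i+1
            problems.append(f"cert {i + 2} is not the issuer of cert {i + 1}")
    return problems

def enc(tag, body):                        # builder for constructed test data only
    return bytes([tag, len(body)]) + body  # short-form lengths (< 128 bytes)

def fake_cert(subject, issuer):
    name = lambda cn: enc(0x30, enc(0x0C, cn))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"")
              + name(issuer) + enc(0x30, b"") + name(subject))
    pem = base64.encodebytes(enc(0x30, tbs))
    return b"-----BEGIN CERTIFICATE-----\n" + pem + b"-----END CERTIFICATE-----\n"

LEAF = fake_cert(b"f.q.d.n", b"Constructed CA")         # constructed, not a real cert
CA = fake_cert(b"Constructed CA", b"Constructed Root")  # constructed, not a real cert
print(check_bundle(LEAF + CA), check_bundle(CA + LEAF))
```

On a real file, pass `open(path, "rb").read()` to `check_bundle`; an empty list means the bundle is PEM and in server-first order.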


----- Original Message ----- 
From: "Travis Miller" <tmiller@web-1hosting.net>
To: <tpop3d-discuss@lists.beasts.org>
Sent: Thursday, July 08, 2004 3:26 AM
Subject: [tpop3d-discuss]SSL CA Certificates


> Hello all,
>
> I too am having the same problem listed at:
>
> http://lists.beasts.org/pipermail/tpop3d-discuss/2004-May/002862.html
>
> However, I never saw a reply with a solution?  Is there one?
>
> Thanks!
>
> -- 
> Travis Miller
> Web-1 Hosting, L.P.
> P.O. Box 2752
> Spring, TX 77383-2752
> (866) 224-8981
> tmiller@web-1hosting.net