[openssl-users] sendmail, openssl 1.1.1, tls1.3
Carl Byington
carl at five-ten-sg.com
Tue Oct 16 03:23:00 UTC 2018

On Mon, 2018-10-15 at 16:57 -0700, Claus Assmann wrote:
> Please tell whoever is responsible for that default to fix it.

I will do that.

> The certs should be in CACertPath if at all.

Nothing to do with openssl, but for sendmail, suppose we have

O CACertFile=/etc/pki/tls/certs/one-ca-certificate.pem
O CACertPath=/etc/pki/tls/certs
O ServerCertFile=/etc/pki/tls/certs/sendmail.pem

where one-ca-certificate.pem is the certificate of the CA that signed
the sendmail.pem certificate, and /etc/pki/tls/certs/ca-bundle.crt
contains many CA certificates that we want to use for certificate
validation.

https://www.sendmail.org/~ca/email/starttls.html

I presume that means we need to split this ca-bundle.crt into 150
separate files, and compute hashes for each, with another 150 symbolic
links. Is that true, or am I missing some shortcut?
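
The procedure asked about in the message above (one file per CA certificate, plus a subject-hash symlink for each), as an added example that is not part of the original post and is not sendmail or OpenSSL project code. The function names `split_bundle` and `link_hashes` and the `cert-NNN.pem` file naming are hypothetical; the linking step does by hand what `openssl rehash` (OpenSSL 1.1.0 and later) or the `c_rehash` script automates.

```shell
#!/bin/sh
# Added example: split a PEM bundle into one file per certificate and create
# the <subject-hash>.<n> symlinks that OpenSSL looks up in a CA directory.

# split_bundle BUNDLE OUTDIR -> prints the number of certificates written.
# Text outside BEGIN/END CERTIFICATE markers (comments, labels) is dropped.
split_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# link_hashes DIR -> prints the number of symlinks created.
# Intended for a freshly split directory. Files that openssl cannot parse
# as a certificate are skipped with a warning instead of aborting the run.
link_hashes() {
    dir=$1
    made=0
    for pem in "$dir"/cert-*.pem; do
        [ -f "$pem" ] || continue
        if ! h=$(openssl x509 -noout -hash -in "$pem" 2>/dev/null) || [ -z "$h" ]; then
            echo "skipping $pem: not a parseable certificate" >&2
            continue
        fi
        # Two CAs can share a subject hash, so probe .0, .1, ... for a free name.
        i=0
        while [ -e "$dir/$h.$i" ] || [ -L "$dir/$h.$i" ]; do i=$((i + 1)); done
        ln -s "$(basename "$pem")" "$dir/$h.$i"
        made=$((made + 1))
    done
    echo "$made"
}

# When run as a script: ./split-ca.sh ca-bundle.crt /path/to/empty/dir
if [ "$#" -eq 2 ]; then
    echo "certificates written: $(split_bundle "$1" "$2")"
    echo "hash links created:   $(link_hashes "$2")"
fi
```

Comparing the two printed counts shows whether any block in the bundle failed to parse and therefore got no hash link.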