[openssl-users] sendmail, openssl 1.1.1, tls1.3

Carl Byington carl at five-ten-sg.com
Tue Oct 16 03:23:00 UTC 2018


On Mon, 2018-10-15 at 16:57 -0700, Claus Assmann wrote:
> Please tell whoever is responsible for that default to fix it.

I will do that.

> The certs should be in CACertPath if at all.

Nothing to do with openssl, but for sendmail, suppose we have

O CACertFile=/etc/pki/tls/certs/one-ca-certificate.pem
O CACertPath=/etc/pki/tls/certs
O ServerCertFile=/etc/pki/tls/certs/sendmail.pem

where one-ca-certificate.pem is the certificate of the CA that signed
the sendmail.pem certificate, and /etc/pki/tls/certs/ca-bundle.crt
contains many CA certificates that we want to use for certificate
validation.

https://www.sendmail.org/~ca/email/starttls.html

I presume that means we need to split this ca-bundle.crt into 150
separate files, and compute hashes for each, with another 150 symbolic
links. Is that true, or am I missing some shortcut?



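The split-and-hash procedure asked about in the message above, as an added shell example that is not part of the original post. The `ca-NNN.pem` file naming and both function names are choices made here, and the linking step assumes an `openssl` binary on the PATH.

```shell
#!/bin/sh
# Added example. Usage: sh split-ca.sh BUNDLE OUTDIR
# Use a fresh OUTDIR; names like ca-001.pem are chosen here for illustration.

# split_bundle BUNDLE OUTDIR: write one ca-NNN.pem per certificate found
# in BUNDLE and print how many were written.
split_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ {
            n++
            out = sprintf("%s/ca-%03d.pem", dir, n)
            inside = 1
        }
        inside { print > out }          # text between blocks is skipped
        /-----END CERTIFICATE-----/ {
            if (inside) close(out)
            inside = 0
        }
        END { print n + 0 }
    ' "$bundle"
}

# link_hashes DIR: create the HASH.N symlinks that OpenSSL uses to find a
# CA by subject-name hash in a certificate directory.
link_hashes() {
    dir=$1
    for pem in "$dir"/ca-*.pem; do
        [ -f "$pem" ] || continue
        hash=$(openssl x509 -noout -hash -in "$pem") || continue
        i=0
        # Distinct certificates can share a hash, so take the next free suffix.
        while [ -e "$dir/$hash.$i" ]; do i=$((i + 1)); done
        ln -s "$(basename "$pem")" "$dir/$hash.$i"
    done
}

# Run both steps only when called with the two arguments.
if [ "$#" -eq 2 ]; then
    split_bundle "$1" "$2"
    link_hashes "$2"
fi
```

With OpenSSL 1.1.0 or later, `openssl rehash OUTDIR` performs the linking step over the certificate files in a directory; the older `c_rehash` script does the same.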



