Subject: openssl CA certs
To: None <email@example.com>
From: Wolfgang S. Rupprecht <wolfgang+gnus20030719T103746@wsrcc.com>
Date: 07/19/2003 10:46:23
I just installed the postfix w. tls from pkgsrc. What a nice hack.
Thanks for the folks that put in the work!
One thing that netbsd's postfix and/or openssl is missing out of the
box is a comprehensive set of CA certificates to validate the
host-level certs that postfix will get handed from the remote host.
I've started to put together a bundle of CA certs to feed to postfix.
Most of them came from "curl", but I've appended a few other CA certs
that I needed. The file is in a format that postfix can use via:
smtpd_tls_CAfile = /etc/openssl/certs/all-cacert.pem
smtp_tls_CAfile = /etc/openssl/certs/all-cacert.pem
Is there enough interest to include something like this with netbsd?
Yes, I know it is another file to maintain, but without it openssl
just can't validate the remote certifications. Thoughts?
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
(NOTE: The email address above is valid. Edit it at your own peril.)