openssl CA certs

To: tech-crypto%netbsd.org@localhost
Subject: openssl CA certs
From: wolfgang+gnus20030719T103746%wsrcc.com@localhost (Wolfgang S. Rupprecht)
Date: 19 Jul 2003 10:46:23 -0700

I just installed the postfix w. tls from pkgsrc.  What a nice hack.
Thanks for the folks that put in the work!

One thing that netbsd's postfix and/or openssl is missing out of the
box is a comprehensive set of CA certificates to validate the
host-level certs that postfix will get handed from the remote host.

I've started to put together a bundle of CA certs to feed to postfix.
Most of them came from "curl", but I've appended a few other CA certs
that I needed.  The file is in a format that postfix can use via:

    smtpd_tls_CAfile = /etc/openssl/certs/all-cacert.pem
    smtp_tls_CAfile = /etc/openssl/certs/all-cacert.pem

Is there enough interest to include something like this with netbsd?

    http://www.wsrcc.com/wolfgang/ftp/all-cacert.pem.gz 

Yes, I know it is another file to maintain, but without it openssl
just can't validate the remote certifications.  Thoughts?

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
(NOTE: The email address above is valid.  Edit it at your own peril.)

Prev by Date: Re: openssl 0.9.7 in NetBSD?
Next by Date: test target wanted
Previous by Thread: OpenSSL - errors creating certificate.
Next by Thread: test target wanted
Indexes:

Home | Main Index | Thread Index | Old Index