[PATCH] FAQ: add two entries concerning 'sslcacertfile'
Johannes Kastl
ojkastl at gmx.de
Sun May 15 18:46:44 BST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 14.05.11 19:56 schrieb Daniel Shahaf:
> On my system /etc/ssl/certs/ is a directory. It contains both *.pem
> files and *.0 symlinks (as created by openssl's c_rehash tool) to
> those files:
On my machine (OSX 10.6.x) just giving -CApath directory was not enough,
I had to explicitly add a file via -CAfile.
To clarify things adding an ending slash to "/etc/ssl/certs" would be nice.
> The purpose of having -CApath (or -CAfile) in the openssl invocation
> is to verify that there is a "trust path" (certificates chain) from
> the system-installed CA certificates to the certificate being
> presented to openssl (and stored for posterity in a file offlineimap
> will use). You can leave it out if you have another way of verifying
> that the sslcacertfile's contents are indeed the correct
> certificate.
As said above, just adding a directory was not enough on my machine...
Regards,
Johannes
- --
Men of quality are not afraid of women for equality.
(unknown)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3QEYMACgkQeghBUmrA8gllqwCbBazEXB58QsLDYE/PxiyS/OQo
GQAAn0S83DQOGWPGJ/XGlu6OGmCqVBL3
=NtWT
-----END PGP SIGNATURE-----
More information about the OfflineIMAP-project
mailing list