[PATCH] FAQ: add two entries concerning 'sslcacertfile'

Johannes Kastl ojkastl at gmx.de
Sun May 15 18:46:44 BST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am 14.05.11 19:56 schrieb Daniel Shahaf:

> On my system /etc/ssl/certs/ is a directory.  It contains both *.pem
> files and *.0 symlinks (as created by openssl's c_rehash tool) to
> those files:

On my machine (OSX 10.6.x) just giving -CApath directory was not enough,
I had to explicitly add a file via -CAfile.

To clarify things adding an ending slash to "/etc/ssl/certs" would be nice.

> The purpose of having -CApath (or -CAfile) in the openssl invocation
> is to verify that there is a "trust path" (certificates chain) from
> the system-installed CA certificates to the certificate being
> presented to openssl (and stored for posterity in a file offlineimap
> will use).  You can leave it out if you have another way of verifying
> that the sslcacertfile's contents are indeed the correct
> certificate.

As said above, just adding a directory was not enough on my machine...

Regards,
Johannes
- -- 
Men of quality are not afraid of women for equality.
(unknown)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk3QEYMACgkQeghBUmrA8gllqwCbBazEXB58QsLDYE/PxiyS/OQo
GQAAn0S83DQOGWPGJ/XGlu6OGmCqVBL3
=NtWT
-----END PGP SIGNATURE-----




More information about the OfflineIMAP-project mailing list