> On Nov 9, 2017, at 6:42 PM, Philip Prindeville > <philipp_s...@redfish-solutions.com> wrote: > > Hi. > > I’m seeing a lot of these, one per message new client connection, in fact: > > Nov 9 17:06:49 mail cyrus/imaps[6047]: inittls: Loading hard-coded DH > parameters > Nov 9 17:06:49 mail cyrus/imaps[6047]: TLS server engine: No client CA certs > specified. Client side certs may not work > > I’ve not perused this part of the source in a couple of years and don’t have > it handy. > > If the certs are detected at initialization, can we move the message there? > And if it’s rechecked per connection, can we have a static (initially false) > that tracks whether this message has been emitted, and if not emits the > message and then sets the flag to true? > > Thanks, > > -Philip >
Got back to my desk and restarted a stalled upgrade to High Sierra (buyer beware…) Looked at: https://github.com/cyrusimap/cyrus-imapd/blob/master/imap/tls.c#L286 Could the LOG_NOTICE be dropped down to LOG_INFO? Commenting out: tls_client_ca_dir: /etc/ssl/certs seems to fix the 2nd message. -Philip