Re: tls engine certs signed by Chained Certificate of Authority
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Paul,
Paul Pruett schrieb:
I hacked some variations on the files trying to get imap applications to
realize the root was not the cert for registerfly, but the cert that
registerfly gave me, and then use server key for that cert...
but it seems that from the log I cannot get the TLS engine to pick
the right cert to find key for.
OR I just do not know how to configure for a Chained Certificate of
Authority.
try the following patch:
- --- cyrus-imapd-2.2.12/imap/tls.c 2004-05-04 21:47:34.0 +0200
+++ cyrus-imapd-2.2.12-new/imap/tls.c 2006-11-12 15:28:05.0 +0100
@@ -357,8 +357,8 @@
const char *cert_file, const char *key_file)
{
if (cert_file != NULL) {
- - if (SSL_CTX_use_certificate_file(ctx, cert_file,
- -SSL_FILETYPE_PEM) = 0) {
+ if (SSL_CTX_use_certificate_chain_file(ctx, cert_file,
+ SSL_FILETYPE_PEM) = 0) {
syslog(LOG_ERR, unable to get certificate from '%s', cert_file);
return (0);
}
and the cert file must contain:
1. your server cert
2. the intermediate (chain) CA cert(s)
(in the order lowest cert to top level cert)
3. the root cert (optionally)
in that order.
This requires openssl = 0.97.
Bye
Goetz
- --
DMCA: The greed of the few outweighs the freedom of the many
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFVzGg2iGqZUF3qPYRAr6EAJwLfUA6ckzYyjbKLMnSjCG4R6DZDQCfTK/L
geT2qTJtUWZsNqwyKaI9zF0=
=WedT
-END PGP SIGNATURE-
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problems on folders containing @
Hello, Escape the @ sign: create [EMAIL PROTECTED] this doesn't work either: x create [EMAIL PROTECTED] x NO Invalid mailbox name Regards Marten Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problems on folders containing @
why does this give an error? x create [EMAIL PROTECTED] x NO Invalid mailbox name Why isn't it allowed at Cyrus that folders contain an @-sign? It was allowed with dovecot and courier-imap and it is possible to create folders with several other characters like Umlauts and spaces. Why is the @-sign blocked? Well, I'm using virtualdomains: userid, but that shouldn't keep me from creating folders within the mailbox as it shouldn't interfere with each other. It seems cyrus doesn't allow folders to contain @ when you're in virtualdomains mode. Obviously things like this might be a bit confusing: [EMAIL PROTECTED]@something.com Though not technically ambiguous. Though commands like this are harder: . list user.blah* @s* To interpret a meangingful result from. Maybe Ken can give more explanation as to why. Rob Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: performance on large inboxes
I'm using ext3 with dir_hash. I considered using XFS, but there are a lot of benchmarks that show that XFS is not faster in general, also the XFS development seems to be stucked at the moment and from my own experience as well as from other people in a recent thread on this mailinglist there are some really strange errors appearing from time to time with XFS that are making it a bad choice for production systems, especially when it happens, that the server crashs unexpectedly (i.e. a memory module fails). I tried to trust ReiserFS several times and I had so much problems with it, that I don't intend to use it ever again. Even Novell/SuSE which praised ReiserFS for a long time turned away from it. I posted my previous thoughts here: http://lists.andrew.cmu.edu/pipermail/info-cyrus/2006-October/024119.html Rob Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
