On Feb 24, 2014, at 3:50 PM, Reindl Harald <[email protected]> wrote:
>
> On 25.02.2014 00:42, James Peach wrote:
>> On Jan 31, 2014, at 9:14 AM, Reindl Harald <[email protected]> wrote:
>>
>>> one thing would be fine too
>>>
>>> * having a PEM file with Cert/Key/Intermediate-CA
>>> * in that case no need for "ssl_ca_name" in "ssl_multicert.config"
>>>
>>> the valid usecase here is that the wildcard-cert we are using starting
>>> with 2014/01 is used for mail, http and whatnot - dovecot has no config
>>> for the CA file, so the PEM file contains already the full chain which
>>> looks like at the bottom
>>>
>>> in case of different certs from different CA's used for different
>>> services this may make things less error-prone, not a big deal, only
>>> a wish if someone has the knowledge and is willing to implement it
>>
>> I think that this should be straightforward. I even have a comment in the
>> code saying that using a different OpenSSL API would make this work. Does
>> this patch work?
>
> thanks for feedback, sadly i am out of test environments for that because
> the testservers are all using self-signed certificates with no CA
>
> for the moment i can apply that to 4.2.0 RC0 and verify normal TLS
> operations and as soon as 4.20 is out test it on the production machine
> which for now only has one more or less testing domain for TLS

https://issues.apache.org/jira/browse/TS-2649

This is fixed for the 5.1 release.

J
