Mercurial > dovecot > original-hg > dovecot-1.2
changeset 4695:07afd19bc53e HEAD
Updates to ssl_ca_file and ssl_username_from_cert comments in
dovecot-example.conf. Added better logging for "Invalid certificate". Patch
by HenkJan Wolthuis (hj wolthuis kaw nl)
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 16 Oct 2006 01:07:10 +0300 |
parents | aade653ff6c3 |
children | abf9a1234b99 |
files | dovecot-example.conf src/login-common/ssl-proxy-openssl.c |
diffstat | 2 files changed, 6 insertions(+), 3 deletions(-) |
--- a/dovecot-example.conf Mon Oct 16 00:31:20 2006 +0300 +++ b/dovecot-example.conf Mon Oct 16 01:07:10 2006 +0300 @@ -95,6 +95,8 @@ #ssl_key_password = # File containing trusted SSL certificate authorities. Usually not needed. +# The CAfile should contain the CA-certificate(s) followed by the matching +# CRL(s). CRL checking is new in dovecot .rc1 #ssl_ca_file = # Request client to send a certificate. @@ -902,8 +904,9 @@ # Require a valid SSL client certificate or the authentication fails. #ssl_require_client_cert = no - # Take the username from client's SSL certificate, using X509_NAME_oneline() - # which typically uses subject's Distinguished Name. + # Take the username from client's SSL certificate, using + # X509_NAME_get_text_by_NID() which returns the subject's DN's + # CommonName. #ssl_username_from_cert = no # It's possible to export the authentication interface to other programs:
--- a/src/login-common/ssl-proxy-openssl.c Mon Oct 16 00:31:20 2006 +0300 +++ b/src/login-common/ssl-proxy-openssl.c Mon Oct 16 01:07:10 2006 +0300 @@ -632,7 +632,7 @@ (void)X509_NAME_oneline(subject, buf, sizeof(buf)); buf[sizeof(buf)-1] = '\0'; /* just in case.. */ if (!preverify_ok) - i_info("Invalid certificate: %s", buf); + i_info("Invalid certificate: %s: %s", X509_verify_cert_error_string(ctx->error),buf); else i_info("Valid certificate: %s", buf); }
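Review bot: In dovecot-example.conf, hunk @@ -95,6 +95,8 @@, the added comment reads "CRL checking is new in dovecot .rc1", which leaves out the release number before ".rc1"; give the full version so an admin can tell whether their build checks CRLs. The comment should also say what happens when ssl_ca_file holds a CA certificate but no matching CRL, because the retained line above still says "Usually not needed" and the reader cannot tell whether a missing CRL makes client certificate verification fail.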
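Review bot: In dovecot-example.conf, hunk @@ -902,8 +904,9 @@, the ssl_username_from_cert comment now names X509_NAME_get_text_by_NID(), but the only C change in this changeset is the log line in ssl-proxy-openssl.c, so please confirm that the username code already makes that call. Since the username is now described as the bare CommonName rather than the full Distinguished Name, the comment should also tell the admin that the value is only as trustworthy as the CAs listed in ssl_ca_file. Wording: "the subject's DN's CommonName" would read better as "the CommonName from the subject's DN".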
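Review bot: In src/login-common/ssl-proxy-openssl.c, hunk @@ -632,7 +632,7 @@, the new i_info() call reads ctx->error directly; X509_STORE_CTX_get_error(ctx) returns the same code without depending on the structure layout, so I would use the accessor here. Style: add a space after the comma before buf and wrap the call, which is now much longer than the neighbouring lines.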