dovecot - Nov 2009 - 2.0.alpha3 ssl_ca_file is broken

In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in
conf.d/ssl.conf does not work, because imap-login chroots before opening the
ca_file.  Perhaps this parameter could be replaced with "ssl_ca =
</path/to/file" as was done with ssl_cert and ssl_key.

Tue Nov 17 11:19:38 server dovecot[1143]: imap-login: Fatal: Error reading
configuration: Invalid settings: ssl_ca_file: access(/path/to/file) failed: No
such file or directory

On Tue, 2009-11-17 at 13:38 -0600, Mike Abbott wrote:
> In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in
conf.d/ssl.conf does not work, because imap-login chroots before opening the
ca_file.  Perhaps this parameter could be replaced with "ssl_ca =
</path/to/file" as was done with ssl_cert and ssl_key.
Hmm. How do people use the ssl_ca_file in general? Does it have only a
single CA (or a couple) or does is it some huge file? I'd guess this
would be similar to certs/keys, so that if you're using multiple certs,
each IP would be using one CA, one cert, one key. Right?

I'm just mainly worried about config process having to send some huge CA
file.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20091117/8a14bbf7/attachment-0002.bin>

> Hmm. How do people use the ssl_ca_file in general? Does it have only a
> single CA (or a couple) or does is it some huge file?
I don't know about other people, but I have only ever used single-entry CA
files.