search for: preverify_ok

...- + /* HJHJ */ + return *name == '\0' ? NULL : name; } @@ -582,10 +588,22 @@ proxy = SSL_get_ex_data(ssl, extdata_index); proxy->cert_received = TRUE; + + /* HJHJ */ + char buf[1024]; + X509_NAME_oneline( X509_get_subject_name(ctx->current_cert),buf,sizeof(buf)); + if (!preverify_ok) + { proxy->cert_broken = TRUE; + i_warning("BAD CERT %s: %s",X509_verify_cert_error_string(ctx->error),buf); + } + else + { i_warning("CERT: %s",buf); } /* logging */ - return 1; + return preverify_ok; + /* HJHJ */ + } static int @@ -666,10 +684,20 @@ if...

...require_crl, ctx->error ); if (proxy->client_proxy && !proxy->set->ssl_require_crl && (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL || ctx->error == X509_V_ERR_CRL_HAS_EXPIRED)) { /* no CRL given with the CA list. don't worry about it. */ preverify_ok = 1; } With my setup proxy->client_proxy is 0. I added the i_info() to check this and with this modification my syslog shows: Apr 7 13:01:16 d600 dovecot: master: Dovecot v2.1.15 starting up (core dumps disabled) Apr 7 13:01:21 d600 dovecot: auth: Debug: Loading modules from directory: /usr/...

Today I've been trying to get dovecot (1.0 rc2) to use certificates for client side authentication. If my memory serves right, beta8 had no problems with it (although it was some time ago and on different machine). Similar setup works perfectly well for postfix (for authentication that is, on the same machine). Originally I thought I overdid some certificate settings (keyUsage, nsCertType,