similar to: OpenSSL Advisory affects Exim

On 2015/2/16 16:28, Jochen Bern wrote: > On 02/16/2015 04:23 PM, Reindl Harald wrote: >>> "The CA file should contain the certificate(s) followed by the >>> matching CRL(s). Note that the CRLs are required to exist. For a >>> multi-level CA place the certificates in this order: >>> >>> Issuing CA cert >>> Issuing CA CRL

Hi I'm trying to use dovecot with client certificates. We produce our certificates with our on CA and we do NOT use certificate revocation lists. So I put "ssl_require_crl = no" into 10-ssl.conf. I did not find a solution neither in the wiki nor somewhere else, so I finally started to read the source. My impression is that openssl will always try to use CRLs. If

Thanks for the note. I had never seen anything in the postfix and apache documentation that the CRLs could be intermingled with the CRTs in the CRT file. The documentation for those programs suggests putting the CRLs in a separate file (e.g. apache SSLCARevocationFile) or doesn't talk about putting CRLs in with the certs (e.g. postfix smtpd_tls_cert_file). If it works to put them all in one

The Dovecot wiki [1] doesn't list either Exim, Postfix or anything else as supporting the dbox. I did some searching in the Exim archives and have found only one message mentioning dbox, sdbox or mdbox. [2] I think an RFC would go a long way towards getting the format supported. Has Timo, or anyone else, considered submitting an RFC to the IETF? My question was how are we going to use it

Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki: "The CA file should contain the certificate(s) followed by the matching CRL(s). Note that the CRLs are required

Hi all, I have pleasure to announce new version f of "X.509 certificates support in OpenSSH" Please to update your bookmarks/favorites with new location: http://roumenpetrov.info/openssh Old location is available too: http://satva.skalasoft.com/~rumen/openssh What's new: * support "Certificate Revocation Lists" (CRLs) * ssh-keyscan can show hostkey with

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 16 June 2019 15:47 Marvin Gülker via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

Dear List, I self-host my e-mail and run Dovecot since ever I do that. Dovecot version is 2.3.4.1 (f79e8e7e4), running on Debian testing. Now I am trying to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and

Am 16.02.2015 um 15:53 schrieb dovecot at lists.killian.com: > Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki: > > "The CA file should contain the

On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > doveconf -n? doveconf -n|grep ssl should suffice: ssl = required ssl_ca = </usr/local/share/certs/ca-root-nss.crt ssl_cert = </path/to/my/file.pem ssl_key = </path/to/my/file.pem ssl_require_crl = no I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a temporary workaround, even though this is not what

Alle, I have installed and enabled (I think) the yum protectbase plugin: [cwfox at lurker ~]$ rpm -qa | grep -i protectbase yum-plugin-protectbase-1.1-1.c4 [cwfox at lurker ~]$ cat /etc/yum/pluginconf.d/protectbase.conf [main] enabled = 1 [cwfox at lurker ~]$ grep plugin /etc/yum.conf plugins=1 [cwfox at lurker ~]$ cat /etc/yum.repos.d/CentOS-Base.repo <SNIP> [base]

I''m using activerecord outside of rails and find_first generates sql that postgresql doesnt'' like. This is rails 1.1.4, with everything up to date via "gem update". This is the command line: ruby -rrubygems seca -c ../etc/seca.cnf cert --export 1 --format pkcs12 --key root.key >root.pfx This is the error: (PGError: ERROR: argument of WHERE must be type

On 09/21/2015 05:11 PM, Alex Bulan wrote: > On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > >> doveconf -n? > > doveconf -n|grep ssl should suffice: > > ssl = required shouldn't it be: ssl = yes I was only aware of the choice of yes or no here, but I could be wrong. > ssl_ca = </usr/local/share/certs/ca-root-nss.crt > ssl_cert = </path/to/my/file.pem >

CentOS Errata and Bugfix Advisory 2011:0443 Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-0443.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: c5b982d2a23d6d662caa7e8e6fa49572 exim-4.63-10.el5.i386.rpm a9d31969698c378793bd125d11e64e24 exim-mon-4.63-10.el5.i386.rpm e4e8ea181248654909c275232bdfb480

CentOS Errata and Bugfix Advisory 2010:0522 Upstream details at : https://rhn.redhat.com/errata/RHBA-2010-0522.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 9afddfd5ba6a2970bb3b879598c22470 exim-4.63-5.el5_5.1.x86_64.rpm c46e505349448761a61bcd844fd16660 exim-mon-4.63-5.el5_5.1.x86_64.rpm

CentOS Errata and Bugfix Advisory 2010:0522 Upstream details at : https://rhn.redhat.com/errata/RHBA-2010-0522.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: cfbbb839962ea0448d39f47af4e732c9 exim-4.63-5.el5_5.1.i386.rpm cf1673b7358261d72a2dc38299655b92 exim-mon-4.63-5.el5_5.1.i386.rpm 36c803608bc67c5151d2547b3b19cdc6

CentOS Errata and Security Advisory 2011:0153 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0153.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 3dd283a3b4111978eb741a91691fb892 exim-4.63-5.el5_6.2.i386.rpm 6708092a34aa4f2c6e7e50c25b1b75fa exim-mon-4.63-5.el5_6.2.i386.rpm

CentOS Errata and Security Advisory 2011:0153 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0153.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 26141ec1eb3f4f3df1bee4b7f010d9eb exim-4.63-5.el5_6.2.x86_64.rpm 173601fe364c919a9ff713d2e420ad26 exim-mon-4.63-5.el5_6.2.x86_64.rpm

CentOS Errata and Enhancement Advisory 2011:0443 Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-0443.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: c54a8e2a9b4f2fc521d5d6c289366d4c exim-4.63-10.el5.i386.rpm 5e1012715ee15bd5e2a63daec56717ea exim-mon-4.63-10.el5.i386.rpm 2c1c675ad2128da3e584207f6fc693f2

CentOS Errata and Enhancement Advisory 2011:0443 Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-0443.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 850c635829f64b93298895a1157744d2 exim-4.63-10.el5.x86_64.rpm 8ea779508f258ffcb639bdf315fc7af6 exim-mon-4.63-10.el5.x86_64.rpm