openssl-0.9.7f-4 breaks postfix-2.2.2-2
Tomas Mraz
tmraz at redhat.com
Mon Apr 25 18:36:22 UTC 2005
On Mon, 2005-04-25 at 09:49 -0600, Dax Kelson wrote:
> On Mon, 2005-04-25 at 15:55 +0100, Joe Orton wrote:
> > No application should contain hard-coded references to the ca-bundle.crt
> > filename in the first place, they should obtain it at run-time via
> > X509_get_default_cert_file() or if possible just use
> > SSL_CTX_set_default_verify_paths() - can you file bugs on that?
> >
> > Regards,
> >
> > joe
>
> In Saturday's rawhide changelog I read:
>
> dovecot-0.99.14-4.fc4
> ---------------------
> * Fri Apr 22 2005 John Dennis <jdennis at redhat.com> - 0.99.14-4.fc4
> - openssl moved its certs, CA, etc. from /usr/share/ssl to /etc/pki
>
> Does this mean that dovecot was hard-coding references too?
It uses the paths for different purpose - storing the server's key +
certificate - so the rule above doesn't apply.
> BTW, I know that there is a *lot* of documentation out there that
> references the "old" path, /usr/share/ssl. Unfortunately it isn't
> possible for documentation to use SSL_CTX_set_default_verify_paths(). :)
Good point!
--
Tomas Mraz <tmraz at redhat.com>
More information about the devel
mailing list