Loading ...
Sorry, an error occurred while loading the content.

Re: openSUSE chroot setup for TLS workaround

Expand Messages
  • Carsten Hoeger
    ... Although I am reading this, I am sorry to say, that this is no longer my business. I suggest to open a bug at https://bugzilla.novell.com -- With best
    Message 1 of 2 , Jul 23, 2010
    • 0 Attachment
      On Fri, Jul 23, Matthias Andree wrote:

      > Greetings,
      >
      > I haven't checked if it's a flaw in my configuration, but anyways,
      > for the records:
      >
      > openSUSE 11.3 does not seem to automatically set up the TLS certs
      > for the chroot if you have smtp_tls_CApath set, but not
      > smtpd_tls_CApath (note the d in smtp vs. smtpd).
      >
      > I needed to do this to get my SMTP client work again:
      >
      > sudo c_rehash /etc/ssl/certs/ # just to be on the safe side
      > sudo rsync -av /etc/ssl/certs/ /var/spool/postfix/etc/ssl/certs
      > --del --copy-unsafe-links -H
      >
      > Note that smtpd_tls_CApath would call rsync -avH, which would copy
      > symlinks verbatim into the chroot, which get broken along the way
      > because there is no /usr/share/ca-certificates inside the Postfix
      > chroot (this is a fault in SuSEconfig.postfix).
      >
      > Note that SUSE /etc/ssl/certs .pem files are actually symlinks to
      > /usr/share/ca-certificates/mozilla/... managed by
      > update-ca-certificates, hence the copy-unsafe-links.
      >
      > I don't currently have time to do a formal bug report against
      > SuSEconfig.postfix, and I'm unsure if they or I care enough. Perhaps
      > Carsten Höger reads this?

      Although I am reading this, I am sorry to say, that this is no longer my
      business. I suggest to open a bug at https://bugzilla.novell.com


      --
      With best regards,

      Carsten Hoeger
    Your message has been successfully submitted and would be delivered to recipients shortly.