11 and later
Here, path is a full path specification of the file containing the CA certificate. The path can
contain sendmail macros, and if so, those macros will be expanded (their values used) when
the configuration file, or command line, is read:
define(`confCACERT??, `${MyCERTPath}/CAcert.pem??)
The path must be a full pathname (must begin with a slash) and must also live in a directory
that is safe (every component of which is writable only by root or the trusted user
specified in the TrustedUser option) and must itself be safe (owned by and writable only by
root or the trusted user specified in the TrustedUser option; see ?§24.9.122 on page 1112). If
it is not, it will be rejected and the following error logged:
STARTTLS=server: file path unsafe: reason
STARTTLS=client: file path unsafe: reason
But even if all goes well this far, there is still a chance that the SSL software will reject the
certificate, and sendmail will log the following:
STARTTLS=server, error: load verify locs dir, path failed: num
STARTTLS=client, error: load verify locs dir, path failed: num
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc. All rights reserved.
982 | Chapter 24: The O (Options) Configuration Command
Here, dir is the directory specified by the CACertPath option (?§24.9.12 on page 982) and
path is the file specified by this option.
Pages:
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736