The num is the error number returned by the ssl(8)
software.
The CACertFile option is not safe. If specified from the command line, it can cause sendmail
to relinquish its special privileges.
24.9.12 CACertPath
Directory with certificate authority certs V8.11 and later
STARTTLS and stream encryption are discussed in detail in ?§5.3 on page 202. Among the
items you must provide is a directory that contains the certificate of the authority for the
server (?§24.9.106 on page 1087) and client (?§24.9.16 on page 984) as well as other certificates
of authority you wish to trust. This directory contains both the certificates of authority
and hashes of those certificates (more about this soon). The location of the CA certificate
directory is specified with this CACertPath option, with declarations that look like this:
O CACertPath=dir ?†? configuration file (V8.12 and later)
-OCACertPath=dir ?†? command line (V8.12 and later)
define(`confCACERT_PATH??,`dir??) ?†? mc configuration (V8.12 and later
Here, dir is a full path specification of the directory containing the CA certificate files and
their hashes. The dir can contain sendmail macros, and if so, those macros will be
expanded (their values used) when the configuration file, or command line, is read:
define(`confCACERT_PATH??, `${MyCERTPath}??)
The dir must be a full pathname (must begin with a slash), or the directory will be rejected
and the following error logged:
STARTTLS=server: file dir unsafe: reason
STARTTLS=client: file dir unsafe: reason
Here, dir is the directory separately specified by the CACertPath option (?§24.
Pages:
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737