Szépe Viktor writes:
Thank you!openssl s_client -crlf -CAfile /etc/ssl/certs/ca-certificates.crt -connect smtp.mandrillapp.com:587 -starttls smtp says: Verify return code: 0 (ok) Maybe openssl does not resolve the CNAME but validates the certificate to smtp.mandrillapp.com
I don't know. OpenSSL's documentation is very poor. Maybe the current version of OpenSSL provides a library function to validate a domain name, but it didn't, so every OpenSSL-using application has to implement domain validation on its own.
GnuTLS provides a standard library function to validate the peer's domain. Try recompiling Courier to use GnuTLS, instead of OpenSSL.
pgpfYQ7aiDLE1.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
