On 2021-02-26 at 23:54 +0100, Samuel Thibault wrote:
> ssl_ca_file
> ssl_ca_path /etc/ssl/certs, ~/.ssl/certs

Ah, multiple paths in ssl_ca_path are not supported.  The value
is directly passed to OpenSSL's SSL_CTX_load_verify_locations.
So, your configuration means the single nonexistent directory
"/etc/ssl/certs, ~/.ssl/certs" is used.

-2 implicitly adds OpenSSL default paths, which helps you, but
I think this is a bug, and it is fixed in -3.

Probably, you should set the following.

```
ssl_ca_file /etc/ssl/certs/ca-certificates.crt
ssl_ca_path ~/.ssl/certs
```

Thanks,
--
Tatsuya Kinoshita
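
A pre-flight check for the misconfiguration discussed in the message above, added here as an example (it is not code from the original message or from the project). It treats `ssl_ca_path` as one directory name, as the message describes, and flags a comma-separated value. The function names, the `#` comment handling and the leading-`~` expansion are assumptions.

```python
import os

def parse_config(text):
    """Parse 'key value' lines; blank lines and '#' comments are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        cfg[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return cfg

def expand(path, home):
    """Expand a leading '~' only (assumed behaviour of the client)."""
    if path == "~" or path.startswith("~/"):
        return home + path[1:]
    return path

def check_ca_settings(cfg, home=None):
    """Return a list of problems found in ssl_ca_path / ssl_ca_file."""
    home = home or os.path.expanduser("~")
    problems = []
    ca_path = cfg.get("ssl_ca_path", "")
    # The whole value is handed over as ONE directory name, so test it as one.
    if ca_path and not os.path.isdir(expand(ca_path, home)):
        problems.append("ssl_ca_path %r is not an existing directory" % ca_path)
        pieces = [p.strip() for p in ca_path.split(",") if p.strip()]
        if len(pieces) > 1:
            problems.append("ssl_ca_path holds %d comma-separated entries; "
                            "the whole string is used as one directory name"
                            % len(pieces))
    ca_file = cfg.get("ssl_ca_file", "")
    if ca_file and not os.path.isfile(expand(ca_file, home)):
        problems.append("ssl_ca_file %r is not an existing file" % ca_file)
    return problems

# Constructed sample: the configuration quoted in the message above.
SAMPLE = "ssl_ca_file\nssl_ca_path /etc/ssl/certs, ~/.ssl/certs\n"

if __name__ == "__main__":
    for problem in check_ca_settings(parse_config(SAMPLE)):
        print("WARN:", problem)
```

An empty result means both settings point at something that exists; it does not verify that the directory contains usable CA certificates.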
