base.m4: Use certlists including the issuer, rather than bare certificates.
authorMark Wooding <mdw@distorted.org.uk>
Sat, 20 Dec 2014 13:21:58 +0000 (13:21 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 20 Dec 2014 13:21:58 +0000 (13:21 +0000)
These work better with DANE TLSA records, coming soon.  (Maybe.)

base.m4

diff --git a/base.m4 b/base.m4
index e74803d..73c454b 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -89,7 +89,7 @@ SECTION(global, bounce)m4_dnl
 delay_warning = 1h : 24h : 2d
 
 SECTION(global, tls)m4_dnl
-tls_certificate = CONF_sysconf_dir/server.cert
+tls_certificate = CONF_sysconf_dir/server.certlist
 tls_privatekey = CONF_sysconf_dir/server.key
 tls_advertise_hosts = ${if exists {CONF_sysconf_dir/server.key} {*}{}}
 tls_dhparam = CONF_ca_dir/dh-param-2048.pem
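Review bot: The `tls_advertise_hosts` guard two lines below the changed `tls_certificate` still tests only for `server.key`. A host that has the key and the old `server.cert`, but not yet a `server.certlist`, will keep offering STARTTLS with a certificate path that does not exist. Consider requiring both files: `tls_advertise_hosts = ${if and {{exists {CONF_sysconf_dir/server.key}} {exists {CONF_sysconf_dir/server.certlist}}} {*}{}}`. The second hunk (`smtp_local`) depends on a new file in the same way, `client.certlist`. With `hosts_require_tls = *` there, a missing file would presumably hold up deliveries through that transport rather than fall back to cleartext, so the certlists need to be in place before this configuration is installed.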
@@ -414,7 +414,7 @@ smtp_dhbits_2048:
 smtp_local:
        driver = smtp
        hosts_require_tls = *
-       tls_certificate = CONF_sysconf_dir/client.cert
+       tls_certificate = CONF_sysconf_dir/client.certlist
        tls_privatekey = CONF_sysconf_dir/client.key
        tls_verify_certificates = CONF_ca_dir/ca.cert
        tls_require_ciphers = CONF_good_ciphers
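Review bot: Nothing near the changed `tls_certificate` line in `smtp_local` records what a `.certlist` file must contain, and the file name alone does not tell a maintainer the expected order. A comment above the setting would capture it, for example `# client.certlist: PEM chain, our own certificate first, then its issuer; never the private key`. The same comment fits `server.certlist` in the `tls` section of the first hunk. The transport definition continues outside this hunk, so any comment style it already uses is not visible here.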