On 2004-03-06 "J.H.M. Dassen (Ray)" <fsmla@???> wrote:
[...]
> AFAICT the problem is in the way src/tls-gnu.c's tls_init() tries to set up
> the trusted CAs. Basically it just hands the job off to
> gnutls_certificate_set_x509_trust_file.
> That function returns GNUTLS_E_FILE_ERROR when passed the name of an empty
> file. Also strace-ing of test code (see attachment) suggests it isn't
> intended to handle a directory at all.
> Exim's documentation says `tls_verify_certificates' may point to a directory
> as well - presumably that was written based on the OpenSSL implementation.
Exim's documentation says *very* clearly that using a directory is
OpenSSL-only.
cu andreas
