[imp] What to do about the root of our certificate chain?
Michael M Slusarz
slusarz at horde.org
Wed May 24 10:21:26 PDT 2006
Quoting Cliff Green <green at umdnj.edu>:
>> I do not really understand the error message quoted above.
>> - I thought that Imp contacts the IMAP server which presents a certificate
>> to Imp so it can check that it is contacting the real server (and no
>> fake IMAP server). But then, which server tells Imp that the CA
>> chain is broken?
>
> The OpenSSL libraries compiled into your PHP are doing that work,
> after your c-client library does the imap connection.
Actually, I think it would be more correct to say the OpenSSL
libraries compiled into your *c-client* is doing the work. I don't
think the OpenSSL code compiled into PHP is checking the IMAP certs
with the local certificate store - I think this is being done by
c-client only. But I could be wrong about this.
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the imp
mailing list