Bug#894567: cyrus-imapd: client certificate revocation (tls_crl_file in imapd.conf) not working?
Juergen Pfennig
info at j-pfennig.de
Sun Apr 1 16:37:22 UTC 2018
Package: cyrus-imapd
Version: 2.4.17+nocaldav-0+deb8u2
Severity: normal
Dear Maintainer,
Some clients (Android K9) support TLS client certificates, which works
fine until the device gets stolen. But how to revoke certificates?
At cyrusimap.org they document a tls_crl_file config parameter. See:
https://www.cyrusimap.org/dev/imap/reference/manpages/configs/imapd.conf.html
This parameter does not show up in debian documentation (jessie and stretch).
There is no error message when cyrus-imapd startis with this parameter pointing to a non-existing file.
Is this parameter implemented at all or silently ignored?
What else could be done to revoke a single certificate?
Yours
Jürgen
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 8.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-0.bpo.5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages cyrus-imapd depends on:
ii cyrus-common 2.4.17+nocaldav-0+deb8u2
ii dpkg 1.17.27
ii libc6 2.19-18+deb8u10
ii libcomerr2 1.42.12-2+b1
ii libdb5.3 5.3.28-9+deb8u1
ii libkrb5-3 1.12.1+dfsg-19+deb8u4
ii libsasl2-2 2.1.26.dfsg1-13+deb8u1
ii libssl1.0.0 1.0.1t-1+deb8u8
ii libwrap0 7.6.q-25
ii zlib1g 1:1.2.8.dfsg-2+b1
cyrus-imapd recommends no packages.
cyrus-imapd suggests no packages.
-- no debconf information
More information about the Pkg-Cyrus-imapd-Debian-devel
mailing list