<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Hello Daniel,</p>
<p>thank you for the answers.</p>
<p>1) On my server if I change tls_ca_dir to tls_server_ca_file I get certificate problem on my IMAP client (K-9 mail on android)</p>
<p>but with tls_client_ca_file it is working well as with tls_ca_dir...</p>
<p>So maybe my certificate files are not well built.</p>
<p> </p>
<p>Best regards</p>
<p>Gaël</p>
<p>Le 10/03/2015 00:48, Daniel Hoffend a écrit :</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">Hello Gaël<br /><br /> Thanks for the feedback and regarding updates/changes to the documentation. Feel free to fork and modifiy our kolab documention on github and send us back a Merge Request.<br /><br /><a href="https://github.com/kolab-groupware/kolab-docs">https://github.com/kolab-groupware/kolab-docs</a><br /><br /> 1) tls_ca_dir<br /><br /> I wrote the upgrade guide, but tbh, both paramters tls_server_ca_dir and tls_client_ca_dir are rarely used. But the client one is more wrong the the server one. Here's why:<br /><br /> If you read the cyrus documention (which gets better every day), you'll see that tls_client_ca_dir is used for authenticating clients that are using customized issued certificates. I don't know about any "Kolab" users who're using client certificates for authentication). tls_server_ca_dir is used to verify the ssl certificate of other imap servers (which should apply in a murder/replication setup, afaik).<br /><br /> I'll leave it in the docs as it is. It's more likely that you verify the ssl certificate of your replication/murder servers compared to verification of your client issued certificates.<br /><br /> 2) upgrade notes about restarting services<br /><br /> I've added a note to the git repository to make it more clear. It will be on the docs mainpage at a later point (when someone pushes the button).<br /><br /> [master 3f915f1] adding note about restart python daemons<br /> 1 file changed, 13 insertions(+), 2 deletions(-)<br /><br /> --<br /> Regards<br /> Daniel Hoffend<br /><br /> ------ Originalnachricht ------<br /> Von: <a href="mailto:kolab_mailing_list@evenat.eu">kolab_mailing_list@evenat.eu</a><br /> An: <a href="mailto:users@lists.kolab.org">users@lists.kolab.org</a><br /> Gesendet: 09.03.2015 18:33:20<br /> Betreff: Upgrade Notes from Kolab 3.3 to 3.4<br /><br />
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">Hello,<br /><br /> I don't know how I should contact, but on web page "Upgrade Notes from Kolab 3.3 to 3.4" (<a href="https://docs.kolab.org/administrator-guide/upgrading-from-kolab-3.3-to-3.4.html#etc-imapd-conf">https://docs.kolab.org/administrator-guide/upgrading-from-kolab-3.3-to-3.4.html#etc-imapd-conf</a>)<br /><br /> I think there is an error:<br /><br /> it should be<br /><br /> tls_ca_file --> tls_client_ca_dir<br /> instead of tls_ca_file --> tls_server_ca_file<br /><br /> See: <a href="https://docs.cyrus.foundation/imap/release-notes/2.5-current.html#option-name-changes-for-tls">https://docs.cyrus.foundation/imap/release-notes/2.5-current.html#option-name-changes-for-tls</a><br /><br /><br /><br /> + I would suggest to state more clearly that wallace service should be restarted with "service wallace restart" even if we don't use "wallace for resource management". I've been stuck not being able to send & receive mails until I manually restart wallace service (server restart didn't solve the issue)<br /><br /> (in <a href="https://docs.kolab.org/administrator-guide/upgrading-from-kolab-3.3-to-3.4.html#etc-kolab-kolab-conf">https://docs.kolab.org/administrator-guide/upgrading-from-kolab-3.3-to-3.4.html#etc-kolab-kolab-conf</a>)<br /><br /><br /><br /> Regards<br /><br /> Gaël<br /><br /></blockquote>
</div>
</blockquote>
<p> </p>
<div> </div>
</body></html>