From: Wietse Venema <wietse@porcupine.org>
Date: Fri, 18 Feb 2005 05:00:00 +0000 (-0500)
Subject: postfix-2.2-20050218
X-Git-Tag: v2.2.0-RC1~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=29c0a390ae07d9fbf106a941874a22c0c958667d;p=thirdparty%2Fpostfix.git

postfix-2.2-20050218
---

diff --git a/postfix/COMPATIBILITY b/postfix/COMPATIBILITY
index f0c27f2e0..7cce6106f 100644
--- a/postfix/COMPATIBILITY
+++ b/postfix/COMPATIBILITY
@@ -8,6 +8,7 @@ address probing	yes (optional persistent database)
 aliases		yes (can enable/disable mail to /file or |command)
 bare newlines	yes (but will send CRLF)
 blacklisting	yes (client name/addr; helo hostname; mail from; rcpt to)
+connection caching yes (SMTP shared cache; LMTP in-process cache)
 content filter	yes (before and after queue, internal and external)
 db tables	yes (compile time option)
 dbm tables	yes (compile time option)
@@ -42,7 +43,7 @@ nis+ tables	yes (contributed)
 no <> in smtp	yes (most common address forms)
 pgsql tables	yes (contributed)
 pipeline option	yes (server and client)
-pop/imap	yes (with third-party daemons that use /var[/spool]/mail)
+pop/imap	yes (with third-party daemons that use mailbox or maildir)
 qmqp server	yes (with verp support)
 rbl support	yes
 return-receipt:	no
@@ -56,7 +57,6 @@ sendmail -qSxxx	no
 sendmail -qtime	ignored
 sendmail -v	yes (sends delivery report via email)
 sendmail.cf	no (uses table-driven address rewriting)
-session caching	yes (SMTP shared multi-session; LMTP non-shared single-session)
 size option	yes, server and client
 smarthost	yes (specify relayhost in main.cf)
 spf		yes (delegated policy script)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 039cde252..fc108868e 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -10387,6 +10387,11 @@ Apologies for any names omitted.
 	avoid logging that some EHLO keyword is being suppressed.
 	File: global/ehlo_mask.[hc].
 
+20050217
+
+	Bugfix: typo in tls_server.c, breaking CApath.  Fix by
+	Philipp Morger. File: tls/tls_server.c.
+
 Open problems:
 
 	Med: disable header address rewriting after XCLIENT?
diff --git a/postfix/README_FILES/ADDRESS_REWRITING_README b/postfix/README_FILES/ADDRESS_REWRITING_README
index 11a09d8a7..745e7dec4 100644
--- a/postfix/README_FILES/ADDRESS_REWRITING_README
+++ b/postfix/README_FILES/ADDRESS_REWRITING_README
@@ -17,6 +17,10 @@ Examples of address rewriting in Postfix are:
     "username@example.com" by "firstname.lastname@example.com" when sending
     mail, and do the reverse transformation when receiving mail.
 
+  * Replace an internal address by an external address. For example, replace
+    "username@localdomain.local" by "isp-account@isp.example" when sending mail
+    from a home computer to the Internet.
+
   * Replace an address by multiple addresses. For example, replace the address
     of an alias by the addresses listed under that alias.
 
diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README
index 5ef9b3758..e9c119dff 100644
--- a/postfix/README_FILES/ADDRESS_VERIFICATION_README
+++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README
@@ -2,7 +2,7 @@ PPoossttffiixx AAddddrreessss VVeerriiffiiccaattiioonn
 
 -------------------------------------------------------------------------------
 
-WWAARRNNIINNGG WWAARRNNIINNGG WWAARRNNIINNGG
+WWAARRNNIINNGG
 
 The sender/recipient address verification feature described in this document is
 suitable only for low-traffic sites. It performs poorly under high load and may
@@ -15,8 +15,8 @@ Address verification is a feature that allows the Postfix SMTP server to block
 a sender (MAIL FROM) or recipient (RCPT TO) address until the address has been
 verified to be deliverable.
 
-The technique has obvious uses in order to reject junk mail with an unreplyable
-sender address.
+The technique has obvious uses to reject junk mail with an unreplyable sender
+address.
 
 The technique may also be useful to block mail for undeliverable recipients,
 for example on a mail relay host that does not have a list of all the valid
diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README
index eb3fa2087..15a9da90c 100644
--- a/postfix/README_FILES/SASL_README
+++ b/postfix/README_FILES/SASL_README
@@ -2,7 +2,7 @@ PPoossttffiixx SSAASSLL HHoowwttoo
 
 -------------------------------------------------------------------------------
 
-WWAARRNNIINNGG WWAARRNNIINNGG WWAARRNNIINNGG
+WWAARRNNIINNGG
 
 People who go to the trouble of installing Postfix may have the expectation
 that Postfix is more secure than some other mailers. The Cyrus SASL library is
diff --git a/postfix/README_FILES/SMTPD_PROXY_README b/postfix/README_FILES/SMTPD_PROXY_README
index 54e4fc938..a394a95e1 100644
--- a/postfix/README_FILES/SMTPD_PROXY_README
+++ b/postfix/README_FILES/SMTPD_PROXY_README
@@ -2,7 +2,7 @@ PPoossttffiixx BBeeffoorree--QQuueeuuee CCoonntteenntt
 
 -------------------------------------------------------------------------------
 
-WWAARRNNIINNGG WWAARRNNIINNGG WWAARRNNIINNGG
+WWAARRNNIINNGG
 
 The before-queue content filtering feature described in this document is
 suitable only for low-traffic sites. See the "Pros and Cons" section below for
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 69913f62a..45b581312 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -11,7 +11,7 @@ Major changes with snapshot Postfix-2.2-20050212
 ================================================
 
 When header address rewriting is enabled, Postfix now updates a
-message header only when at least one address address in that header
+message header only when at least one address in that header
 is modified.  Older Postfix versions first parse and then unparse
 a header so that there may be subtle changes in formatting, such
 as the amount of whitespace between tokens, or in capitalization
@@ -29,7 +29,7 @@ Major changes with snapshot Postfix-2.2-20050209
 
 The policy delegation protocol now supplies TLS client certificate
 information after successful verification. The new attribute names
-are ccert_subject, ccert_issuer and cccert_fingerprint.
+are ccert_subject, ccert_issuer and ccert_fingerprint.
 
 Major changes with snapshot Postfix-2.2-20050208
 ================================================
diff --git a/postfix/html/ADDRESS_REWRITING_README.html b/postfix/html/ADDRESS_REWRITING_README.html
index d426b7600..8079a7357 100644
--- a/postfix/html/ADDRESS_REWRITING_README.html
+++ b/postfix/html/ADDRESS_REWRITING_README.html
@@ -38,6 +38,11 @@ replace "username@example.com" by "firstname.lastname@example.com"
 when sending mail, and do the reverse transformation when receiving
 mail.  </p>
 
+<li> <p> Replace an internal address by an external address.  For
+example, replace "username@localdomain.local" by "isp-account@isp.example"
+when sending mail from a home computer to the Internet.
+</p>
+
 <li> <p> Replace an address by multiple addresses. For example,
 replace the address of an alias by the addresses listed under that
 alias.  </p>
diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html
index d7fd4b74c..f9cf6ee97 100644
--- a/postfix/html/ADDRESS_VERIFICATION_README.html
+++ b/postfix/html/ADDRESS_VERIFICATION_README.html
@@ -17,7 +17,7 @@
 
 <hr>
 
-<h2>WARNING WARNING WARNING </h2>
+<h2>WARNING </h2>
 
 <p> The sender/recipient address verification feature described in this
 document is suitable only for low-traffic sites. It performs poorly
@@ -31,7 +31,7 @@ below for details. </p>
 server to block a sender (MAIL FROM) or recipient (RCPT TO) address
 until the address has been verified to be deliverable.  </p>
 
-<p> The technique has obvious uses in order to reject junk mail
+<p> The technique has obvious uses to reject junk mail
 with an unreplyable sender address.  </p>
 
 <p> The technique may also be useful to block mail for undeliverable
diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html
index 2370362a0..faf8dca4f 100644
--- a/postfix/html/SASL_README.html
+++ b/postfix/html/SASL_README.html
@@ -17,7 +17,7 @@
 
 <hr>
 
-<h2>WARNING WARNING WARNING</h2>
+<h2>WARNING</h2>
 
 <p> People who go to the trouble of installing Postfix may have
 the expectation that Postfix is more secure than some other mailers.
diff --git a/postfix/html/SMTPD_PROXY_README.html b/postfix/html/SMTPD_PROXY_README.html
index 5b85b1959..3b1160731 100644
--- a/postfix/html/SMTPD_PROXY_README.html
+++ b/postfix/html/SMTPD_PROXY_README.html
@@ -17,7 +17,7 @@
 
 <hr>
 
-<h2>WARNING WARNING WARNING </h2>
+<h2>WARNING </h2>
 
 <p> The before-queue content filtering feature described in
 this document is suitable only for low-traffic sites. See the "<a
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index e8e300ea7..0eb5018c6 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -1094,7 +1094,8 @@ addresses, in both envelopes and in headers, as controlled
 with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> parameter. This is typically used
 to clean up dirty addresses from legacy mail systems, or to replace
 login names by Firstname.Lastname.  The table format and lookups
-are documented in <a href="canonical.5.html">canonical(5)</a>.
+are documented in <a href="canonical.5.html">canonical(5)</a>. For an overview of Postfix address
+manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
 </p>
 
 <p>
@@ -5895,10 +5896,19 @@ details. </p>
 
 <p> A case insensitive list of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP client will ignore in the EHLO response
-from a remote SMTP server. Specify the pseudo keyword <b>silent-discard</b>
-to prevent this action from being logged. Use the
-<a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> feature to discard EHLO
-keywords selectively. </p>
+from a remote SMTP server. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
+this action from being logged. </p>
+
+<li> <p> Use the <a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> feature to
+discard EHLO keywords selectively. </p>
+
+</ul>
 
 
 </DD>
@@ -7359,10 +7369,19 @@ to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keyword
 
 <p> A case insensitive list of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP server will not send in the EHLO response
-to a remote SMTP client. Specify the pseudo keyword <b>silent-discard</b>
-to prevent this action from being logged. Use the
-<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> feature to discard EHLO
-keywords selectively.  </p>
+to a remote SMTP client. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
+this action from being logged. </p>
+
+<li> <p> Use the <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> feature
+to discard EHLO keywords selectively.  </p>
+
+</ul>
 
 
 </DD>
@@ -9494,7 +9513,8 @@ This feature is available in Postfix 2.1 and later.
 <p>
 Optional lookup tables that alias specific mail addresses or domains
 to other local or remote address.  The table format and lookups
-are documented in <a href="virtual.5.html">virtual(5)</a>.
+are documented in <a href="virtual.5.html">virtual(5)</a>. For an overview of Postfix address
+manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
 </p>
 
 <p>
@@ -9733,8 +9753,8 @@ it will open the table directly. Before Postfix version 2.2, the
 <p> Optional lookup tables with a) names of domains for which all
 addresses are aliased to addresses in other local or remote domains,
 and b) addresses that are aliased to addresses in other local or
-remote domains.  Available before Postfix version 2.0. With Postfix 2.0
-and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
+remote domains.  Available before Postfix version 2.0. With Postfix
+2.0 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
 and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>
 
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index e5119477c..8984e5ee6 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -582,7 +582,8 @@ addresses, in both envelopes and in headers, as controlled
 with the canonical_classes parameter. This is typically used
 to clean up dirty addresses from legacy mail systems, or to replace
 login names by Firstname.Lastname.  The table format and lookups
-are documented in \fBcanonical\fR(5).
+are documented in \fBcanonical\fR(5). For an overview of Postfix address
+manipulations see the ADDRESS_REWRITING_README document.
 .PP
 If you use this feature, run "\fBpostmap /etc/postfix/canonical\fR" to
 build the necessary DBM or DB file after every change. The changes
@@ -3234,10 +3235,15 @@ details.
 .SH smtp_discard_ehlo_keywords (default: empty)
 A case insensitive list of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP client will ignore in the EHLO response
-from a remote SMTP server. Specify the pseudo keyword \fBsilent-discard\fR
-to prevent this action from being logged. Use the
-smtp_discard_ehlo_keyword_address_maps feature to discard EHLO
-keywords selectively.
+from a remote SMTP server.
+.PP
+Notes:
+.IP \(bu
+Specify the \fBsilent-discard\fR pseudo keyword to prevent
+this action from being logged.
+.IP \(bu
+Use the smtp_discard_ehlo_keyword_address_maps feature to
+discard EHLO keywords selectively.
 .SH smtp_enforce_tls (default: no)
 Enforcement mode: require that remote SMTP servers use TLS
 encryption, and never send mail in the clear.  This also requires
@@ -4154,10 +4160,15 @@ to a remote SMTP client. See smtpd_discard_ehlo_keywords for details.
 .SH smtpd_discard_ehlo_keywords (default: empty)
 A case insensitive list of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP server will not send in the EHLO response
-to a remote SMTP client. Specify the pseudo keyword \fBsilent-discard\fR
-to prevent this action from being logged. Use the
-smtpd_discard_ehlo_keyword_address_maps feature to discard EHLO
-keywords selectively.
+to a remote SMTP client.
+.PP
+Notes:
+.IP \(bu
+Specify the \fBsilent-discard\fR pseudo keyword to prevent
+this action from being logged.
+.IP \(bu
+Use the smtpd_discard_ehlo_keyword_address_maps feature
+to discard EHLO keywords selectively.
 .SH smtpd_end_of_data_restrictions (default: empty)
 Optional access restrictions that the Postfix SMTP server
 applies in the context of the SMTP END-OF-DATA command.
@@ -5429,7 +5440,8 @@ This feature is available in Postfix 2.1 and later.
 .SH virtual_alias_maps (default: $virtual_maps)
 Optional lookup tables that alias specific mail addresses or domains
 to other local or remote address.  The table format and lookups
-are documented in \fBvirtual\fR(5).
+are documented in \fBvirtual\fR(5). For an overview of Postfix address
+manipulations see the ADDRESS_REWRITING_README document.
 .PP
 This feature is available in Postfix 2.0 and later. The default
 value is backwards compatible with Postfix 1.1.
@@ -5567,8 +5579,8 @@ it will open the table directly. Before Postfix version 2.2, the
 Optional lookup tables with a) names of domains for which all
 addresses are aliased to addresses in other local or remote domains,
 and b) addresses that are aliased to addresses in other local or
-remote domains.  Available before Postfix version 2.0. With Postfix 2.0
-and later, this is replaced by separate controls: virtual_alias_domains
+remote domains.  Available before Postfix version 2.0. With Postfix
+2.0 and later, this is replaced by separate controls: virtual_alias_domains
 and virtual_alias_maps.
 .SH virtual_minimum_uid (default: 100)
 The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts
diff --git a/postfix/proto/ADDRESS_REWRITING_README.html b/postfix/proto/ADDRESS_REWRITING_README.html
index 04fcf3a2f..b681db624 100644
--- a/postfix/proto/ADDRESS_REWRITING_README.html
+++ b/postfix/proto/ADDRESS_REWRITING_README.html
@@ -38,6 +38,11 @@ replace "username@example.com" by "firstname.lastname@example.com"
 when sending mail, and do the reverse transformation when receiving
 mail.  </p>
 
+<li> <p> Replace an internal address by an external address.  For
+example, replace "username@localdomain.local" by "isp-account@isp.example"
+when sending mail from a home computer to the Internet.
+</p>
+
 <li> <p> Replace an address by multiple addresses. For example,
 replace the address of an alias by the addresses listed under that
 alias.  </p>
diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html
index 8d30c611d..84ea346ba 100644
--- a/postfix/proto/ADDRESS_VERIFICATION_README.html
+++ b/postfix/proto/ADDRESS_VERIFICATION_README.html
@@ -17,7 +17,7 @@
 
 <hr>
 
-<h2>WARNING WARNING WARNING </h2>
+<h2>WARNING </h2>
 
 <p> The sender/recipient address verification feature described in this
 document is suitable only for low-traffic sites. It performs poorly
@@ -31,7 +31,7 @@ below for details. </p>
 server to block a sender (MAIL FROM) or recipient (RCPT TO) address
 until the address has been verified to be deliverable.  </p>
 
-<p> The technique has obvious uses in order to reject junk mail
+<p> The technique has obvious uses to reject junk mail
 with an unreplyable sender address.  </p>
 
 <p> The technique may also be useful to block mail for undeliverable
diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html
index 86d35b209..fd807bf43 100644
--- a/postfix/proto/SASL_README.html
+++ b/postfix/proto/SASL_README.html
@@ -17,7 +17,7 @@
 
 <hr>
 
-<h2>WARNING WARNING WARNING</h2>
+<h2>WARNING</h2>
 
 <p> People who go to the trouble of installing Postfix may have
 the expectation that Postfix is more secure than some other mailers.
diff --git a/postfix/proto/SMTPD_PROXY_README.html b/postfix/proto/SMTPD_PROXY_README.html
index 58a04913f..2992f6df2 100644
--- a/postfix/proto/SMTPD_PROXY_README.html
+++ b/postfix/proto/SMTPD_PROXY_README.html
@@ -17,7 +17,7 @@
 
 <hr>
 
-<h2>WARNING WARNING WARNING </h2>
+<h2>WARNING </h2>
 
 <p> The before-queue content filtering feature described in
 this document is suitable only for low-traffic sites. See the "<a
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 935e255b9..a5ff67846 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -674,7 +674,8 @@ addresses, in both envelopes and in headers, as controlled
 with the canonical_classes parameter. This is typically used
 to clean up dirty addresses from legacy mail systems, or to replace
 login names by Firstname.Lastname.  The table format and lookups
-are documented in canonical(5).
+are documented in canonical(5). For an overview of Postfix address
+manipulations see the ADDRESS_REWRITING_README document.
 </p>
 
 <p>
@@ -5726,7 +5727,8 @@ This feature is available in Postfix 2.1 and later.
 <p>
 Optional lookup tables that alias specific mail addresses or domains
 to other local or remote address.  The table format and lookups
-are documented in virtual(5).
+are documented in virtual(5). For an overview of Postfix address
+manipulations see the ADDRESS_REWRITING_README document.
 </p>
 
 <p>
@@ -7474,28 +7476,45 @@ parameter in the default main.cf file.  </p>
 <p> Optional lookup tables with a) names of domains for which all
 addresses are aliased to addresses in other local or remote domains,
 and b) addresses that are aliased to addresses in other local or
-remote domains.  Available before Postfix version 2.0. With Postfix 2.0
-and later, this is replaced by separate controls: virtual_alias_domains
+remote domains.  Available before Postfix version 2.0. With Postfix
+2.0 and later, this is replaced by separate controls: virtual_alias_domains
 and virtual_alias_maps. </p>
 
 %PARAM smtp_discard_ehlo_keywords
 
 <p> A case insensitive list of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP client will ignore in the EHLO response
-from a remote SMTP server. Specify the pseudo keyword <b>silent-discard</b>
-to prevent this action from being logged. Use the
-smtp_discard_ehlo_keyword_address_maps feature to discard EHLO
-keywords selectively. </p>
+from a remote SMTP server. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
+this action from being logged. </p>
+
+<li> <p> Use the smtp_discard_ehlo_keyword_address_maps feature to
+discard EHLO keywords selectively. </p>
+
+</ul>
 
 %PARAM smtpd_discard_ehlo_keywords
 
 <p> A case insensitive list of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP server will not send in the EHLO response
-to a remote SMTP client. Specify the pseudo keyword <b>silent-discard</b>
-to prevent this action from being logged. Use the
-smtpd_discard_ehlo_keyword_address_maps feature to discard EHLO
-keywords selectively.  </p>
+to a remote SMTP client. </p>
 
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
+this action from being logged. </p>
+
+<li> <p> Use the smtpd_discard_ehlo_keyword_address_maps feature
+to discard EHLO keywords selectively.  </p>
+
+</ul>
 %PARAM smtp_discard_ehlo_keyword_address_maps
 
 <p> Lookup tables, indexed by the remote SMTP server address, with
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 2cd60ecea..313778c1a 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change the patchlevel and the release date. Snapshots change the
   * release date only.
   */
-#define MAIL_RELEASE_DATE	"20050216"
+#define MAIL_RELEASE_DATE	"20050218"
 #define MAIL_VERSION_NUMBER	"2.2"
 
 #define VAR_MAIL_VERSION	"mail_version"
diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c
index fc7ec92ab..5b8efba5d 100644
--- a/postfix/src/tls/tls_server.c
+++ b/postfix/src/tls/tls_server.c
@@ -333,7 +333,7 @@ SSL_CTX *tls_server_init(int unused_verifydepth, int askcert)
      * copy of the CApath directory for chroot-jail.
      */
     if (tls_set_ca_certificate_info(server_ctx, var_smtpd_tls_CAfile,
-				    var_smtpd_tls_CAfile) < 0) {
+				    var_smtpd_tls_CApath) < 0) {
 	SSL_CTX_free(server_ctx);		/* 200411 */
 	return (0);
     }