What is ca_path for when TCP input transport tls

[fengap]

I was configuration transport tls with one-way authorization with CA cert. I don't want client cert authorization. so I configured as:

cert_path /mypath/fluntd.cer
private_key_path /mypath/flunetd.key
private_key_passphrase password

My question is why it doesn't work? I have to add the CA ROOT in ca_path /mypath/caroot.cert.

In the documation ca_path and client_cert_auth=true are for two-ways authorization. why I used one-way, still need ca_path

[fujimotos]

My question is why it doesn't work? I have to add the CA ROOT in ca_path /mypath/caroot.cert.

I'm not totallly sure what your question is. Generally speaking, you
need to configure the cert path both in the client and the server.

This is how X509 chain works. Your client requires a CA root in order
to traverse trusted chains up to the server cert.