>But I'm want to use this with STARTTLS with doTLS on. It's possible ?
This does not make any sense to me. And no - this is currently not
possible.
Thomas
Von: Alexandre de Arruda Paes <adald...@gmail.com>
An: For Users of ASSP <assp-user@lists.sourceforge.net>
Datum: 21.06.2017 17:50
Betreff: Re: [Assp-user] Multiple SSL certs
Thomas,
But I'm want to use this with STARTTLS with doTLS on. It's possible ?
2017-06-21 10:26 GMT-03:00 Thomas Eckardt <thomas.ecka...@thockar.com>:
You may try the following:
Call to Configure SSL-Listener-Parameters for GUI Connections
(SSLWEBConfigure) •
CorrectASSPcfg::configWebSSL
If used, assp will call the defined subroutine in an eval closure
submitting a reference to the assp predefined
SSL-Socket-Configuration-HASH.
The HASH could be modified in place to your needs - please read the
documentation of IO::Socket::SSL, Net::SSLeay and OpenSSL. Return values
are ignored.
You can use/modify the module lib/CorrectASSPcfg.pm to implement your
code. For example
sub configWebSSL {
$parms = shift;
$parms->{timeout} = 10;
$parms->{'SSL_check_crl'} = 1;
$parms->{'SSL_crl_file'} = '/assp/certs/crl/crllist.pem';
return;
}
If the SSL listener should be able to use different certificates on the
same IP address, depending on the name given by SNI, you can use a hash
reference instead of a file with hostname => cert_file.
In case certs and keys are needed but not given it might fall back.
sub configWebSSL {
$parms = shift;
$parms->{SSL_cert_file} = {
"foo.example.org" => "/path_to_file/foo-cert.pem",
"bar.example.org" => "/path_to_file/bar-cert.pem",
# used when nothing matches or client does not support SNI
"" => "/path_to_file/server-cert.pem",
}
$parms->{SSL_key_file} = {
"foo.example.org" => "/path_to_file/foo-key.pem",
"bar.example.org" => "/path_to_file/bar-key.pem",
# used when nothing matches or client does not support SNI
"" => "/path_to_file/server-key.pem",
}
}
Now, if you set this parameter to 'CorrectASSPcfg::configWebSSL' - assp
will call
CorrectASSPcfg::configWebSSL->(\%sslparms);
NOTICE: This option will possibly not work if you use any self signed
certificate!
Thomas
Von: Alexandre de Arruda Paes <adald...@gmail.com>
An: For Users of ASSP <assp-user@lists.sourceforge.net>
Datum: 20.06.2017 21:48
Betreff: [Assp-user] Multiple SSL certs
Hi,
Can I have multiple SSL certs in ASSP?
i.e.: mail.domain1.com, mail.domain2.com
Best regards,
Alexandre
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
