Brian Candler writes:

On Mon, Apr 30, 2007 at 12:36:37AM -0700, Dhafer Ben Arbia wrote:
   I've created my own CA into my imap server, and I've created the
   server certificate, I'm connected successfully from my thunderbird
   client (I added my CA to the list of the CAs trusted by thunderbird).
   Everything is all right, I just want that each client that wants to be
   connected must have his own certificate given by the server.

I had a vague recollection that this question came up before, and the answer
was that courier-imap doesn't support client certificates. Search the list
archives for confirmation.

However, looking at http://www.courier-mta.org/couriertls.html it seems that
it might be possible to do what you want using TLS_VERIFYPEER="REQUIREPEER"

Yes. Setting TLS_VERIFYPEER should force OpenSSL to require and validate the cert. Courier, however, generally remains ignorant of the whole thing. One thing that's often done elsewhere is to use the certificate's subject to authenticate a passwordless login. That's not implemented in Courier. This is rather difficult to develop, and there are no widely accepted standards as far as which bits of the certificate subject should identify the mail account, and how.
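
An added example, not part of the original thread and not Courier's own code: a shell check that reads an imapd-ssl style settings file and reports whether client certificates are required. The function names, output labels and sample paths are assumptions; TLS_TRUSTCERTS is the couriertls setting that names the trusted CA certificates.

```shell
#!/bin/sh
# Added example: report the client-certificate posture of a Courier
# imapd-ssl style settings file (KEY=value lines in shell syntax).

# Print the last value assigned to KEY ($1) in FILE ($2), quotes removed.
# Commented-out lines ("#KEY=...") do not match and are ignored.
cfg_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Prints one of: required | no-trust-anchors | optional | disabled | unset | unknown
client_cert_posture() {
    level=$(cfg_get TLS_VERIFYPEER "$1")
    trust=$(cfg_get TLS_TRUSTCERTS "$1")
    case "$level" in
        REQUIREPEER)
            # A required certificate still has to chain to a CA; flag the
            # case where no TLS_TRUSTCERTS is set in this file.
            if [ -n "$trust" ]; then echo required; else echo no-trust-anchors; fi ;;
        PEER)  echo optional ;;   # certificate checked only if the client sends one
        NONE)  echo disabled ;;   # no client certificate requested
        "")    echo unset ;;      # setting absent from this file
        *)     echo unknown ;;    # value not one of the documented levels
    esac
}

# Constructed sample settings (placeholder paths, not a real server's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
TLS_CERTFILE=/path/to/imapd.pem
TLS_TRUSTCERTS=/path/to/my-ca.pem
TLS_VERIFYPEER=NONE
TLS_VERIFYPEER="REQUIREPEER"
EOF
echo "client certificate posture: $(client_cert_posture "$sample")"
rm -f "$sample"
```

A result of `required` only means the TLS layer rejects clients without a certificate signed by the trusted CA; as the reply above says, the IMAP login itself still uses the normal username and password.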


_______________________________________________
Courier-imap mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
