Hampa Hug wrote:
> It seems that imapd does not support virtual domains over a
> single TLS connection. Specifically, if imapd is configured
> for multiple virtual domains, but listens only on a single
> IP/port, all clients for all but one virtual domain will get
> the wrong TLS certificate.
>
> The attached patch allows imapd to send the correct
> certificate if the client supports the SNI (Server Name
> Indication) extension to TLS. To implement this, two new
> config file options "tls_server_cert_dir" and
> "tls_server_key_dir" are added. When a client connects and
> supplies a server name, imapd looks for a certificate and a
> private key in <tls_server_cert_dir>/<servername>.pem and
> <tls_server_key_dir>/<servername>.pem, respectively. If it
> finds a certificate, it uses that instead of the default
> certificate.
>
> The patch has been briefly tested with Mozilla Thunderbird as
> a client and seems to work.
>
> Comments?

Ping

cheers,
Hampa
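
The lookup described above builds a file name from the server name the client sends, so that name has to be checked before it reaches the file system. The following is an added example, not code from the attached patch or from imapd: one way to validate the SNI name and build the `<tls_server_cert_dir>/<servername>.pem` path. The function names `sni_name_ok` and `sni_cert_path` and the lowercasing of the name are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not from the patch. The SNI name is chosen by the
 * client, so only plain hostnames (letters, digits, '-', '.') are accepted
 * before the name is used as a file name. */
static int is_alnum_ascii(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9');
}

static int sni_name_ok(const char *name, size_t len)
{
    size_t i, label = 0;                 /* length of the current label */

    if (len == 0 || len > 253) return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {                  /* no empty label, none ending in '-' */
            if (label == 0 || name[i - 1] == '-') return 0;
            label = 0;
        } else if (is_alnum_ascii(c) || (c == '-' && label > 0)) {
            if (++label > 63) return 0;
        } else {
            return 0;                    /* '/', '\\', space, non-ASCII, ... */
        }
    }
    return label > 0 && name[len - 1] != '-';
}

/* Writes "<dir>/<lowercased name>.pem" to out. Returns 0 on success, -1 if
 * the name is rejected or the path does not fit; the caller then keeps the
 * default certificate. */
int sni_cert_path(const char *dir, const char *name, char *out, size_t outlen)
{
    char lower[254];
    size_t i, len = strlen(name);
    int n;

    if (!sni_name_ok(name, len)) return -1;
    for (i = 0; i < len; i++)
        lower[i] = (name[i] >= 'A' && name[i] <= 'Z') ? (char)(name[i] + 32) : name[i];
    lower[len] = '\0';
    n = snprintf(out, outlen, "%s/%s.pem", dir, lower);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

The same check applies to the key path under `tls_server_key_dir`; a rejected name is treated like a name with no matching file, so the default certificate is served.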