Hampa,
Thanks for the patch. I have created a task for this feature and
attached your patch (differential): https://git.cyrus.foundation/T190
On 05/27/2015 06:24 AM, Hampa Hug wrote:
Hampa Hug wrote:
It seems that imapd does not support virtual domains over a
single TLS connection. Specifically, if imapd is configured
for multiple virtual domains, but listens only on a single
IP/port, all clients for all but one virtual domain will get
the wrong TLS certificate.
The attached patch allows imapd to send the correct
certificate if the client supports the SNI (Server Name
Indication) extension to TLS. To implement this, two new
config file options "tls_server_cert_dir" and
"tls_server_key_dir" are added. When a client connects and
supplies a server name, imapd looks for a certificate and a
private key in <tls_server_cert_dir>/<servername>.pem and
<tls_server_key_dir>/<servername>.pem, respectively. If it
finds a certificate, it uses that instead of the default
certificate.
The patch has been briefly tested with Mozilla Thunderbird as
a client and seems to work.
Comments?
Ping
cheers,
Hampa
--
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University
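
The lookup described in the quoted message builds a file path from a name the client supplies, so the name should be checked before it reaches the filesystem. The following is an added example, not code from the patch or from the Cyrus project: the function name `sni_cert_path`, the directory `/etc/cyrus/certs`, and the policy of falling back to the default certificate on rejection are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the patch): write "<dir>/<servername>.pem"
 * into out only if servername is a syntactically valid DNS hostname
 * (RFC 6066 SNI names are ASCII, with no trailing dot).
 * Returns 0 on success, -1 if the name is rejected or the path does not fit. */
int sni_cert_path(const char *dir, const char *name, char *out, size_t outlen)
{
    size_t len = name ? strlen(name) : 0;
    size_t label = 0;               /* length of the label being scanned */
    size_t i;
    int n;

    if (len == 0 || len > 253) return -1;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            /* rejects a leading dot, "..", and labels ending in '-' */
            if (label == 0 || name[i - 1] == '-') return -1;
            label = 0;
        } else if ((c < 0x80 && isalnum(c)) || (c == '-' && label > 0)) {
            if (++label > 63) return -1;
        } else {
            return -1;              /* '/', '\\', '_', whitespace, non-ASCII */
        }
    }
    if (label == 0 || name[len - 1] == '-') return -1;  /* trailing '.' or '-' */

    n = snprintf(out, outlen, "%s/", dir);
    if (n < 0 || (size_t)n + len + 5 > outlen) return -1;
    for (i = 0; i < len; i++)       /* hostnames are case-insensitive */
        out[n + i] = (char)tolower((unsigned char)name[i]);
    memcpy(out + n + len, ".pem", 5);
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the thread. */
    const char *samples[] = { "Mail.Example.org", "../../etc/passwd", "a/b", "example.com." };
    char path[256];
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("%-18s -> %s\n", samples[k],
               sni_cert_path("/etc/cyrus/certs", samples[k], path, sizeof path) == 0
                   ? path : "(rejected: use default certificate)");
    return 0;
}
```
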