Paul - I am back from vacation and am looking into implementing this.
Can you identify an IMAP server system on the Internet that currently has such a server certificate? I don't need an account on it, I just need to be able to access it.
Also, please verify my belief that PC Pine already has this capability and it is only UNIX Pine that has this limitation.
On Fri, 17 Jun 2005, [EMAIL PROTECTED] wrote:
Still another way to solve the problem is, do not use a second imap daemon. Generate your server certificate with CN=<hostname of server> and alternative names of DNS:<hostname of server>,DNS:server1.test.net,DNS:server2.test.net and all alias names that may be used by clients to connect to the server. openssl x509 allows you to do that. We found it essential to repeat CN in the alternative names list. All modern mailtools accept a cerificate if CN or one of the alternative names matches. One notable exception is pine (or better the c-client library at the pine61 level). It only tests CN and complains if it does not match or you have used the novalidate-cert switch. Maybe Mark could extend the code to accept the alternative names.
-- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ Imap-uw mailing list [email protected] https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
