Re: [Dovecot] Multiple SSL certs question
> Oh, I didn't know this was already in OpenSSL. I'll see about adding
> support for it to v2.0. I'm not entirely sure how to make it configurable
> though. Perhaps instead of having:
>
> local_ip 1.2.3.4 {
>   ssl_cert = /etc/ssl/certs/1.2.3.4
> }
> remote_ip 4.3.2.1 {
> }
>
> I could replace those with:
>
> local host.domain.org {
>   ssl_cert = /etc/ssl/certs/1.2.3.4
> }
> remote host2.domain2.org {
> }
>
> and of course keep the IPs also working.

This would be great! I searched the Thunderbird Bugzilla, it seems that they support it: https://bugzilla.mozilla.org/show_bug.cgi?id=511921#c27

Re: [Dovecot] Multiple SSL certs question
On Wed, 2009-10-28 at 16:10 +0100, Jean-Baptiste Vignaud wrote:
> > local host.domain.org {
> >   ssl_cert = /etc/ssl/certs/1.2.3.4
> > }
> > remote host2.domain2.org {
> > }
> >
> > and of course keep the IPs also working.
>
> This would be great!

The above works now in v2.0 code tree.

Re: [Dovecot] Multiple SSL certs question
On Sat, 2009-10-24 at 13:35 +0200, Jean-Baptiste Vignaud wrote:
> Hello; I was reading the message how to config dovecot for multiple
> domains, multiple SSL certs,

This works in v2.0, assuming you have separate IP for each.

> and conditional IP access -- with passwd-file passdb?,

http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets can be added to passwd-file extra fields.

> and I was wondering if Dovecot could support the SNI extension of TLS?

Oh, I didn't know this was already in OpenSSL. I'll see about adding support for it to v2.0. I'm not entirely sure how to make it configurable though. Perhaps instead of having:

local_ip 1.2.3.4 {
  ssl_cert = /etc/ssl/certs/1.2.3.4
}
remote_ip 4.3.2.1 {
}

I could replace those with:

local host.domain.org {
  ssl_cert = /etc/ssl/certs/1.2.3.4
}
remote host2.domain2.org {
}

and of course keep the IPs also working.

[Dovecot] Multiple SSL certs question
Hello;

I was reading the message how to config dovecot for multiple domains, multiple SSL certs, and conditional IP access -- with passwd-file passdb?, and I was wondering if Dovecot could support the SNI extension of TLS?

SNI is Server Name Indication, where during the TLS negotiation, the client sets the name of the server it tries to reach.

I don't know if any imap/pop client supports this yet, but this would be a great feature for one IP/multiple virtual domains. Each SNI client would have the correct certificate and not the main/generic one.

It seems that mutt has a patch for that: http://www.mail-archive.com/mutt-...@mutt.org/msg05251.html