> On 15 Oct 2015, at 00:28, Heiko Schlittermann wrote:
>
> Hi Timo
>
> Heiko Schlittermann (Mi 14 Okt 2015 01:10:20 CEST):
> …
>> Ah, the information comes from the other director running. The other one
>> is using an unpatched version of dovecot.
Hi Timo
Heiko Schlittermann (Mi 14 Okt 2015 01:10:20 CEST):
…
> Ah, the information comes from the other director running. The other one
> is using an unpatched version of dovecot.
Your patch for backend-certificate verification works. Thank you for the
good and fast
On 13 Oct 2015, at 22:18, Heiko Schlittermann wrote:
>
> Timo Sirainen (Di 13 Okt 2015 21:02:59 CEST):
> …
>>> On connection setup from a client the director connects to the
>>> selected backend. But it seems (not checked in the source yet),
>>> that for SSL
Timo Sirainen (Di 13 Okt 2015 21:36:40 CEST):
…
> > I see:
> >
> > a) pass the host *names* to the director too, for CN verification
> > purpose
> >
> > Maybe in struct mail_host there could be a field for the original
> > hostname we used to obtain the address(es)?
Timo Sirainen (Di 13 Okt 2015 21:02:59 CEST):
> > the IP address the director connects to.
>
> Right. The hostnames are lost immediately at director startup. I've never
> really thought about needing this functionality for director, since they're
> usually in the same trusted
Timo Sirainen (Di 13 Okt 2015 21:02:59 CEST):
…
> > On connection setup from a client the director connects to the
> > selected backend. But it seems (not checked in the source yet),
> > that for SSL certificate verification the director doesn't know the
> > original host name
> On 13 Oct 2015, at 22:21, Heiko Schlittermann wrote:
>
> Timo Sirainen (Di 13 Okt 2015 21:02:59 CEST):
>>> the IP address the director connects to.
>>
>> Right. The hostnames are lost immediately at director startup. I've never
>> really thought about
On 13 Oct 2015, at 21:44, Heiko Schlittermann wrote:
>
> Hello,
>
> using Dovecot 2.2.9 and a setup with directors and backends.
> The communication between directors and backends needs to be TLS
> secured.
>
> The director config contains a list of hostnames for the
Hello,
using Dovecot 2.2.9 and a setup with directors and backends.
The communication between directors and backends needs to be TLS
secured.
The director config contains a list of hostnames for the backends.
(implicit list because of multiple A/ records for a single hostname
or explicit
Timo Sirainen (Di 13 Okt 2015 23:49:20 CEST):
…
>
> Proxying in general does check that hostname matches the SSL certificate,
> because both the hostname and IP address are sent to login process. So it
> should work in a way that host= and hostip= is sent. I thought
> my patch
Hi Timo,
Heiko Schlittermann (Di 13 Okt 2015 22:33:23 CEST):
> > Does the attached patch work? Compiles, but untested.
> I'm about to test it.
It seems to update the struct mail_host, but it looks as if the data
in mail_host do not propagate down to login_proxy_new().
On 14 Oct 2015, at 00:34, Heiko Schlittermann wrote:
>
> Hi Timo,
>
> Heiko Schlittermann (Di 13 Okt 2015 22:33:23 CEST):
>>> Does the attached patch work? Compiles, but untested.
>> I'm about to test it.
>
> It seems to update the struct
Heiko Schlittermann (Mi 14 Okt 2015 00:10:50 CEST):
> Timo Sirainen (Di 13 Okt 2015 23:49:20 CEST):
> …
> >
> > Proxying in general does check that hostname matches the SSL certificate,
> > because both the hostname and IP address are sent to login process.
Heiko Schlittermann (Mi 14 Okt 2015 00:46:11 CEST):
…
>
> And if I add -D to the director service, I can see "Debug: request
> refreshed timeout to …",
> but I never see "Debug: request added". And from what I
> understand this would be the place where the mail_host
14 matches