[Dovecot] SSL Certificates and multiple domain names

Timo Sirainen tss at iki.fi
Thu Jul 15 00:11:36 EEST 2004


On 14.7.2004, at 23:40, Gunter Ohrner wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Am Mittwoch, 14. Juli 2004 20:34 schrieb Daniel L. Miller:
>> How can I have Dovecot either return a different certificate for each
>> domain/hostname or a certificate that supports multiple names?  I
>
> Not at all, AFAIK, but that's a limitation of SSL / X.509 certificates 
> and
> none of Dovecot.

Dovecot could support different certificates based on local or remote 
IPs. ssl_cert_file and ssl_key_file could contain %l and %r variables. 
That would require some changes though. Currently login process 
initializes SSL and chroots itself then. Per-IP certificates would 
require dropping privileges only after connection has been accepted, so 
right certificate files could be opened.

I don't think it's worth the trouble. At least not yet.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20040715/b89859c7/PGP.pgp


More information about the dovecot mailing list