[Dovecot] 1.0rc26: ssl_verify_client=yes ?

Timo Sirainen tss at iki.fi
Fri Mar 9 13:20:03 EET 2007


On 9.3.2007, at 11.40, Apostolis Papagiannakis wrote:

> I think replacing
>    NID_commonName
> with
>    NID_pkcs9_emailAddress ( or NID_subject_key_identifier, or  
> NID_subject_alt_name)
> in login-common/ssl-proxy-openssl.c, line 527 would suffice.
> (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),  
> NID_commonName, buf, sizeof(buf)) < 0).
>
> Maybe I should post a complete patch if Timo is interested.

Well, not for v1.0 and even then it would have to be optional so it  
wouldn't break existing systems.. I guess if this is done it should  
rather be a setting that specifies which field is used for the username.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070309/8207ab08/attachment.pgp 


More information about the dovecot mailing list