[Dovecot] Multiple SSL certs question

Timo Sirainen tss at iki.fi
Wed Oct 28 00:48:47 EET 2009


On Sat, 2009-10-24 at 13:35 +0200, Jean-Baptiste Vignaud wrote:
> Hello;
> 
> I was reading the message "how to config dovecot for multiple domains,
> multiple SSL certs, 

This works in v2.0, assuming you have a separate IP for each.

> and conditional IP access -- with passwd-file passdb?", 

http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets can be
added to passwd-file extra fields.

> and I was wondering if Dovecot could support the SNI
> extension of TLS?

Oh, I didn't know this was already in OpenSSL. I'll see about adding
support for it to v2.0. I'm not entirely sure how to make it
configurable though. Perhaps instead of having:

local_ip 1.2.3.4 {
  ssl_cert = </etc/ssl/certs/1.2.3.4
}
remote_ip 4.3.2.1 {
}

I could replace those with:

local host.domain.org {
  ssl_cert = </etc/ssl/certs/1.2.3.4
}
remote host2.domain2.org {
}

and of course keep the IPs also working.
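
Added example, not part of the original message and not Dovecot code: a sketch of how an allow_nets extra field in a passwd-file restricts which client addresses may log in as a user. The sample lines, the function names, and the assumed column layout (user:password:uid:gid:gecos:home:shell:extra_fields) are constructed for illustration, and only IP and CIDR entries are handled.

```python
import ipaddress

# Constructed sample passwd-file lines (not from the original post).
# Assumed layout: user:password:uid:gid:gecos:home:shell:extra_fields
SAMPLE = """\
alice:{PLAIN}secret::::::allow_nets=192.168.0.0/24,10.1.2.3
bob:{PLAIN}secret::::::allow_nets=2001:db8::/32
carol:{PLAIN}secret::::::
"""

def parse_allow_nets(passwd_text):
    """Map each user to a list of allowed networks, or None if unrestricted."""
    users = {}
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # maxsplit=7 keeps IPv6 colons inside the extra-fields column intact.
        cols = line.split(":", 7)
        extra = cols[7] if len(cols) > 7 else ""
        nets = None
        for field in extra.split():
            key, _, value = field.partition("=")
            if key == "allow_nets":
                # A bare address such as 10.1.2.3 becomes a /32 (or /128).
                nets = [ipaddress.ip_network(n, strict=False)
                        for n in value.split(",") if n]
        users[cols[0]] = nets
    return users

def login_allowed(users, user, client_ip):
    """Return True if client_ip may authenticate as user."""
    if user not in users:
        return False          # unknown user: deny
    nets = users[user]
    if nets is None:
        return True           # no allow_nets field: no address restriction
    addr = ipaddress.ip_address(client_ip)
    # Compare only within the same address family.
    return any(addr.version == n.version and addr in n for n in nets)

if __name__ == "__main__":
    table = parse_allow_nets(SAMPLE)
    for who, ip in [("alice", "192.168.0.77"), ("alice", "10.1.2.4"),
                    ("bob", "2001:db8::1"), ("carol", "203.0.113.9")]:
        print(who, ip, "allowed" if login_allowed(table, who, ip) else "denied")
```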