[Dovecot] courier-imap to dovecot-imap migration: missing TLS_TRUSTCERTS feature

Uffe Jakobsen uffe at uffe.org
Wed Jan 19 12:46:54 EET 2011


Hi,

I'm attempting a one-to-one migration from courier-imap to dovecot-imap.

current state:

Imap-server has a self signed certificate

Every client/user has a self signed client certificate that is used for 
SSL/TLS client authentication.

All certificates are self signed "standalone" certificates - no CA 
hierarchy/structure is made.

With courier-imap we could just put every client certificate into a 
trusted cert file (or hashed directory for a larger number of clients) 
and courier-imap would check that through TLS_TRUSTCERTS.

I would like to keep the current approach and avoid the whole mini CA 
setup - that way I can also avoid reissuing new certs to all existing users.

Question: can a similar setup be achieved with dovecot-imap?

I've already made numerous attempts with no luck.

As far as I can see dovecot-imap does not seem to implement the concept 
of checking trusted (self signed standalone client) certs - even though 
it is based on openssl like courier-imap is - but I may be wrong here.

I'm using dovecot-2.0.7 (from ports) on FreeBSD

Thanks in advance.

Kind regards Uffe Jakobsen
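
The trust model described in the post (a file or hashed directory of standalone self-signed client certificates) can be reproduced with the openssl command-line tool alone. This is an added example, not part of the original post and not courier-imap or Dovecot configuration; the subjects alice and bob, the file names and the helper functions are constructed for illustration, and an openssl binary on the PATH is assumed.

```shell
#!/bin/sh
# Constructed example: subjects, file names and helpers are illustrative only.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a standalone self-signed certificate (no CA) with subject CN=$1.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Copy certificate $2 into hashed directory $1 as <subject-hash>.<n>,
# the name OpenSSL looks up; n is bumped if the hash is already taken.
add_to_hashdir() {
    h=$(openssl x509 -noout -hash -in "$2") || return 1
    n=0
    while [ -e "$1/$h.$n" ]; do n=$((n + 1)); done
    cp "$2" "$1/$h.$n"
}

# is_trusted -CAfile FILE CERT | is_trusted -CApath DIR CERT
# Succeeds only if OpenSSL reports CERT as verified against that trust source.
is_trusted() {
    openssl verify "$1" "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

make_selfsigned alice      # enrolled client
make_selfsigned bob        # valid certificate, but never enrolled

# Trust file: concatenation of every enrolled client certificate.
cat "$WORK/alice.pem" > "$WORK/trusted.pem"
# Hashed directory: same trust set, one file per certificate.
mkdir "$WORK/trusted.d"
add_to_hashdir "$WORK/trusted.d" "$WORK/alice.pem"

for who in alice bob; do
    for src in "-CAfile $WORK/trusted.pem" "-CApath $WORK/trusted.d"; do
        # $src is split on purpose into option and path.
        if is_trusted $src "$WORK/$who.pem"; then r=accepted; else r=rejected; fi
        echo "$who via ${src%% *}: $r"
    done
done
```

In this model, removing a certificate from the file or directory is the only way to de-enroll a client, since there is no CA and therefore no CRL.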


