dovecot as proxy and verification of the backends certificate

Heiko Schlittermann hs at schlittermann.de
Tue Oct 13 18:37:44 UTC 2015


Timo Sirainen <tss at iki.fi> (Tue 13 Oct 2015 20:27:25 CEST):
…
> >    # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
> >    # ssl_ca = 
> >    ssl_ca = </tmp/certs/ca-local.pem
> > 
> > Bug or feature? Mainly I'm asking because the comments do not indicate
> > that I should have used ssl_ca for this type of operation (dovecot as a
> > SSL client)
> 
> It's a missing feature. I updated http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy about this. I'm thinking that once login-common code uses lib-ssl-iostream instead of the duplicated SSL code this gets fixed more or less automatically. Not sure if that'll happen for v2.3 or not.

Thank you.

    Best regards from Dresden/Germany
    Kind regards from Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -