TLS communication director -> backend with X.509 cert checks?

Heiko Schlittermann hs at schlittermann.de
Wed Oct 14 21:28:43 UTC 2015


Hi Timo

Heiko Schlittermann <hs at schlittermann.de> (Mi 14 Okt 2015 01:10:20 CEST):
…
> Ah, the information comes from the other director running. The other one
> is using an unpatched version of dovecot.

Your patch for backend-certificate verification works. Thank you for the
good and fast work. Is there any chance that this will make it into
Dovecot's next release?

BTW: The ambiguity of 2001:db8::9090 remains. Shouldn't you allow
[2001:db8::]¹ resp [2001:db8::9090]¹ resp. [2001:db8::]:9090² for such
cases? (In case one want's to use IPv6 addresses instead of hostnames in
the director_servers option. (And probably in other places too.))

¹) Address
²) Address:Port

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20151014/657d7b22/attachment.sig>


More information about the dovecot mailing list