TLS communication director -> backend with X.509 cert checks?
Timo Sirainen
tss at iki.fi
Mon Oct 19 11:06:06 UTC 2015
> On 15 Oct 2015, at 00:28, Heiko Schlittermann <hs at schlittermann.de> wrote:
>
> Hi Timo
>
> Heiko Schlittermann <hs at schlittermann.de> (Mi 14 Okt 2015 01:10:20 CEST):
> …
>> Ah, the information comes from the other director running. The other one
>> is using an unpatched version of dovecot.
>
> Your patch for backend-certificate verification works. Thank you for the
> good and fast work. Is there any chance that this will make it into
> Dovecot's next release?

Implemented also support for sending the hostname within director ring:
http://hg.dovecot.org/dovecot-2.2/rev/8e9cada0c8fc
http://hg.dovecot.org/dovecot-2.2/rev/7f718c840aff
http://hg.dovecot.org/dovecot-2.2/rev/5876ca2d63fb
Although it's not possible right now to add hostname using "doveadm director add", so that probably needs to be implemented at some point.

> BTW: The ambiguity of 2001:db8::9090 remains. Shouldn't you allow
> [2001:db8::]¹ resp [2001:db8::9090]¹ resp. [2001:db8::]:9090² for such
> cases? (In case one wants to use IPv6 addresses instead of hostnames in
> the director_servers option. (And probably in other places too.))

http://hg.dovecot.org/dovecot-2.2/rev/c5c34c02fda3
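
The bracket notation asked about above, as an added example that is not part of the original message and is not Dovecot's code: a strict parser in which a port on an IPv6 literal is only accepted after a closing bracket. The function names and the hostname `backend1.example.com` are assumptions made for the illustration.

```python
import ipaddress


def _port(text):
    # Accept only plain ASCII digits in the valid TCP port range.
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 65535:
        raise ValueError(f"invalid port: {text!r}")
    return int(text)


def parse_endpoint(entry):
    """Parse 'host', 'host:port', '[v6]' or '[v6]:port' into (host, port).

    port is None when the entry does not specify one (hypothetical helper).
    """
    if entry.startswith("["):
        end = entry.find("]")
        if end == -1:
            raise ValueError(f"missing ']' in {entry!r}")
        # Raises ValueError if the bracketed text is not an IPv6 address.
        host = str(ipaddress.IPv6Address(entry[1:end]))
        rest = entry[end + 1:]
        if rest == "":
            return host, None
        if not rest.startswith(":"):
            raise ValueError(f"unexpected text after ']' in {entry!r}")
        return host, _port(rest[1:])
    if entry.count(":") >= 2:
        # Unbracketed IPv6: the whole string is the address. No group is
        # ever split off as a port, which is what removes the ambiguity.
        return str(ipaddress.IPv6Address(entry)), None
    host, sep, port = entry.partition(":")
    if not host:
        raise ValueError(f"empty host in {entry!r}")
    return host, (_port(port) if sep else None)


if __name__ == "__main__":
    # Forms from the message above plus one constructed hostname entry.
    for sample in ("[2001:db8::]", "[2001:db8::9090]", "[2001:db8::]:9090",
                   "2001:db8::9090", "backend1.example.com:9090"):
        print(sample, "->", parse_endpoint(sample))
```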