lazy-load SNI?
Felipe Gasper
felipe at felipegasper.com
Fri Nov 11 13:34:44 UTC 2016
> On Nov 11, 2016, at 5:36 AM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
> Hi!
>
> We are going to do some changes at some point to how the certs are loaded and handled to alleviate this. The idea is not yet ripe, so I won't go into too much detail, but the idea is to move the cert storage from protocol login processes to elsewhere.
>
In the other thread (http://www.dovecot.org/list/dovecot/2016-October/105855.html) there is mention of Exim. Exim actually allows a pretty flexible SNI-time cert load. Dovecot’s config doesn’t have the run-time variables that would allow this, but maybe there could be some sort of pluggable mechanism to show Dovecot where the cert for a given FQDN is?
It’d be great if a little bit of logic could “teach” Dovecot for each system, like:
    sub certificate_path ($fqdn) {
        return "$WHERE_MY_CERTS_ARE/$fqdn.pem";
    }
-FG
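
Added example (not part of the original message, and not Dovecot or Exim code): a Python version of the per-FQDN lookup hook proposed above. Because the SNI name is supplied by the client, it is validated as a plain DNS hostname before it is used to build a file path. The helper `normalize_sni`, the one-file-per-host directory layout and the `_wildcard.` file naming are assumptions made for this illustration.

```python
import os
import re
import tempfile

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_sni(name):
    """Return the lowercased hostname, or None if it is not a plain DNS name."""
    if not isinstance(name, str) or not 1 <= len(name) <= 253:
        return None
    name = name.lower()
    if name.endswith("."):          # accept one trailing root dot
        name = name[:-1]
    if all(_LABEL.fullmatch(label) for label in name.split(".")):
        return name
    return None


def certificate_path(sni_name, cert_dir):
    """Map a client-supplied SNI name to a PEM path, or None to use the default."""
    fqdn = normalize_sni(sni_name)
    if fqdn is None:
        return None                 # "/", "..", NUL, empty labels all end up here
    candidates = [fqdn + ".pem"]
    if "." in fqdn:
        # Assumed naming: a wildcard cert for *.example.org is stored as
        # _wildcard.example.org.pem ("_" can never appear in a validated name).
        candidates.append("_wildcard." + fqdn.split(".", 1)[1] + ".pem")
    for filename in candidates:
        path = os.path.join(cert_dir, filename)
        if os.path.isfile(path):
            return path
    return None


if __name__ == "__main__":
    # Constructed sample layout; the files are empty placeholders, not real certs.
    with tempfile.TemporaryDirectory() as d:
        for fn in ("mail.example.com.pem", "_wildcard.example.org.pem"):
            open(os.path.join(d, fn), "w").close()
        for sni in ("MAIL.example.com", "imap.example.org", "../../etc/passwd"):
            print(repr(sni), "->", certificate_path(sni, d))
```

The returned path is what a TLS server would load inside its SNI hook, for example via `ssl.SSLContext.load_cert_chain` from an `sni_callback` in Python; a `None` result means falling back to the default certificate.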