multiple SSL certificates story
Aki Tuomi
aki.tuomi at dovecot.fi
Wed Oct 26 12:33:15 UTC 2016
On 26.10.2016 15:30, Arkadiusz Miśkiewicz wrote:
> On Wednesday 26 of October 2016, Arkadiusz Miśkiewicz wrote:
>
>> What can be done to make it work and how?
> Don't know internals - but could dovecot do a similar job as exim? I mean keep
> big config, store things as strings just like now:
>
> local_name imap.example.com {
> ssl_cert = </etc/certs/cert1.pem
> ssl_key = </etc/certs/cert1.pem
> }
>
> but defer actual certificate loading to the moment when a client connects and we
> know its TLS SNI name?
>
It is a non-trivial change, but we'll take note and see if it could be
implemented. OpenSSL supports this via
SSL_CTX_set_tlsext_servername_callback(), but doing it is another thing.
Aki
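
The deferred loading discussed in this thread, sketched with Python's ssl module, whose `SSLContext.sni_callback` is built on the same OpenSSL servername callback. This is an added example, not Dovecot code and not part of either message; `LazySNI`, `load_context`, the `strict` flag and the `CERTS` mapping are hypothetical names.

```python
import ssl

# Constructed mapping that mirrors the local_name block quoted above.
CERTS = {"imap.example.com": ("/etc/certs/cert1.pem", "/etc/certs/cert1.pem")}


def load_context(cert_path, key_path):
    """Read certificate and key from disk; this is the step being deferred."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_path, key_path)
    return ctx


class LazySNI:
    """Keeps (cert, key) paths as strings and loads each pair on first use."""

    def __init__(self, certs, loader=load_context, strict=False):
        self.certs = {name.lower(): paths for name, paths in certs.items()}
        self.loader = loader
        self.strict = strict  # assumption: optionally reject unknown names
        self.cache = {}       # server name -> loaded SSLContext

    def callback(self, ssl_obj, server_name, initial_ctx):
        # Runs during the handshake, once the ClientHello has been parsed.
        if server_name is None:
            return None  # client sent no SNI: keep the default context
        name = server_name.lower()
        if name not in self.certs:
            if self.strict:
                # Abort the handshake with a TLS alert.
                return ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME
            return None  # fall back to the default certificate
        if name not in self.cache:
            self.cache[name] = self.loader(*self.certs[name])
        # Swap contexts for this connection only (SSL_set_SSL_CTX in C).
        ssl_obj.context = self.cache[name]
        return None

    def install(self, default_ctx):
        """Attach the callback to the context the listener already uses."""
        default_ctx.sni_callback = self.callback
        return default_ctx
```

Because the cache is filled inside the handshake path, the first connection for each name pays the disk read and parse cost, and a missing or unreadable file surfaces at connect time rather than at startup.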