Auth-policy: auth_policy_server_url and https support

Aki Tuomi aki.tuomi at dovecot.fi
Sun Jan 8 18:02:26 UTC 2017


> On January 6, 2017 at 11:03 PM gregc at olypensupport.com wrote:
> 
> 
> When using Auth policy server it doesn’t currently doesn’t support https.
> 
> In version 2.2.27:
>   Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
> 
> and in version 2.3.devel
>   Policy server HTTP error: 9002 Requested https connection, but no SSL settings given
> 
> dovecot.conf does have “ssl_client_ca_dir = /etc/ssl/certs” set.
> 
> Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config.
> 
> Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?

I suppose so, and it should not do SSL tear up/down per auth, hopefully, since it reuses the same HTTP connections for 10 seconds.

Aki


More information about the dovecot mailing list