On 14.7.2004, at 23:40, Gunter Ohrner wrote:
On Wednesday, 14 July 2004, at 20:34, Daniel L. Miller wrote:
How can I have Dovecot either return a different certificate for each domain/hostname or a certificate that supports multiple names? I
Not at all, AFAIK, but that's a limitation of SSL / X.509 certificates and not of Dovecot.
Dovecot could support different certificates based on local or remote IPs. ssl_cert_file and ssl_key_file could contain %l and %r variables. That would require some changes though. Currently the login process initializes SSL and then chroots itself. Per-IP certificates would require dropping privileges only after the connection has been accepted, so the right certificate files could be opened.
I don't think it's worth the trouble. At least not yet.
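
The ordering described in the reply above (accept, expand %l and %r, open the certificate files, and only then drop privileges), sketched as an added example; this is not Dovecot code and not part of the original thread. The function names and the drop_privileges callback are hypothetical, and the %l/%r expansion rules are assumed from the variable names in the message.

```python
import ipaddress
import ssl


def expand_cert_path(template, local_ip, remote_ip):
    """Expand %l (local IP) and %r (remote IP) in a certificate path template."""
    # Only canonical IP literals are substituted, so a malformed address
    # can never inject path separators into the resulting file name.
    values = {"l": str(ipaddress.ip_address(local_ip)),
              "r": str(ipaddress.ip_address(remote_ip))}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%":
            key = template[i + 1:i + 2]
            if key not in values:
                raise ValueError(f"unsupported variable %{key}")
            out.append(values[key])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def paths_for_connection(conn, cert_tmpl, key_tmpl):
    """Resolve certificate and key paths for an already accepted connection."""
    local_ip = conn.getsockname()[0]   # address the client connected to
    remote_ip = conn.getpeername()[0]  # address the client connected from
    return (expand_cert_path(cert_tmpl, local_ip, remote_ip),
            expand_cert_path(key_tmpl, local_ip, remote_ip))


def handle_one(listener, cert_tmpl, key_tmpl, drop_privileges):
    """Accept one client; load its per-IP certificate before dropping privileges."""
    conn, _ = listener.accept()
    cert, key = paths_for_connection(conn, cert_tmpl, key_tmpl)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Still privileged and not yet chrooted: the key file is readable here.
    ctx.load_cert_chain(cert, key)
    # Hypothetical callback (chroot + setuid); after it returns the process
    # can no longer open any other certificate or key file.
    drop_privileges()
    return ctx.wrap_socket(conn, server_side=True)
```

The cost the message points at is visible in handle_one: the process holds its privileges, and read access to every private key, until after it has accepted a connection from an unauthenticated client.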