On Nov 11, 2016, at 5:36 AM, Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
Hi!
We are going to make some changes at some point to how the certs are loaded and handled to alleviate this. The idea is not yet ripe, so I won't go into too much detail, but the idea is to move the cert storage from protocol login processes to elsewhere.
In the other thread (http://www.dovecot.org/list/dovecot/2016-October/105855.html) there is mention of Exim. Exim actually allows a pretty flexible SNI-time cert load. Dovecot’s config doesn’t have the run-time variables that would allow this, but maybe there could be some sort of pluggable mechanism to show Dovecot where the cert for a given FQDN is?
It’d be great if a little bit of logic could “teach” Dovecot for each system, like:
sub certificate_path ($fqdn) { return "$WHERE_MY_CERTS_ARE/$fqdn.pem"; }
-FG
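
The per-FQDN lookup suggested in this message, sketched in Python with the standard `ssl` module's SNI callback; this is an added example, not Dovecot or Exim code and not part of the original post. The directory `/etc/ssl/sni`, the one-PEM-per-host layout and the function names are assumptions. Because the SNI name is supplied by the client, the lookup checks that it is a plain host name before it is used to build a file path.

```python
import os
import re
import ssl

# Assumption: one PEM file (certificate chain plus private key) per host name.
CERT_DIR = "/etc/ssl/sni"

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def certificate_path(fqdn, cert_dir=CERT_DIR):
    """Map a client-supplied SNI name to a PEM path, or None if unusable."""
    if not fqdn or len(fqdn) > 253:
        return None
    name = fqdn.lower()
    labels = name.split(".")
    # Rejects '/', '..', empty labels, NUL bytes and single-label names,
    # so the result can never point outside cert_dir.
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        return None
    return os.path.join(cert_dir, name + ".pem")


def make_sni_callback(cert_dir=CERT_DIR):
    """Build a callback for SSLContext.sni_callback that picks a cert per name."""
    cache = {}  # path -> SSLContext, so each PEM is read from disk once

    def on_sni(sslobj, server_name, default_ctx):
        path = certificate_path(server_name, cert_dir)
        if path is None or not os.path.isfile(path):
            return None  # no match: handshake continues with the default cert
        if path not in cache:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
            ctx.load_cert_chain(path)
            cache[path] = ctx
        sslobj.context = cache[path]  # switch certificates for this handshake
        return None

    return on_sni

# Usage on a listening server (default_ctx already holds a fallback cert):
#   default_ctx.sni_callback = make_sni_callback()
```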