Timo, Thanks, while I'd like it to work in a remote block, knowing the limits one way or the other is more important.
BTW, what is the difference between "ssl_require_client_cert" and"auth_ssl_require_client_cert", since both are known to Dovecot.
Thanks Frank
On Wed, 2010-12-29 at 19:52 +0200, Timo Sirainen wrote:
On Sat, 2010-12-25 at 11:38 +0000, Bojan Smojver wrote:
Frank Crawford <frank <at> crawford.emu.id.au> writes:
I'm trying to configure my dovecot installation to require client certificates for external/Internet connections, while still allowing my local network to not need certificates.
Exactly the same problem here on exactly the same platform (F-14), although I used a slightly different config directives (local <remoteIP>).
I already answered Bojan privately, here's for Frank & others too:
This is more of a missing feature than a bug.. Combined with not being very obvious that it won't work.. I'll try to figure out what to do about it, but the problem anyway is that auth settings aren't currently supported inside local/remote {} blocks, and ssl_require_client_cert is an auth setting (but ssl_verify_client_cert is handled by login process, so that works).
I'll either implement local/remote blocks to work with auth settings, or make it fail with an error that it won't work.