On 24 Jul 2023, at 17:04, Michael Peddemors <michael@linuxmagic.com> wrote:

On 2023-07-21 06:42, Graham Leggett via dovecot wrote:
Hi all,
Dovecot supports variables, which can be used in filters.
Does the SSL code expose variables linked to the client certificate?
The answer today appears to be no, and if that’s true I plan to patch it, but just need to confirm I am not missing something.

A little more insight into what you are looking for might help.
Dovecot does expose a method, we use it for our 'Fingerprinting' system.

We identify devices by the explicit certificate they present with, rather than the contents of the certificate they present with.

The following PR adds the ability to use the certificate itself as a username:

https://github.com/dovecot/core/pull/202

The format of the username is CertificateExactAssertion as defined in RFC4523 appendix A.1.

This matches the SSL_CLIENT_CERT_RFC4523_CEA variable exposed by Apache httpd.

Regards,
Graham
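
The CertificateExactAssertion string form named above, shown as an added example that is not part of the original message or of the Dovecot PR: it builds and strictly parses the GSER encoding from RFC 4523 Appendix A.1 and maps the result to an enrolled device. The function names, the sample serial, issuer DN and device label are constructed for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# GSER form from RFC 4523 Appendix A.1:
#   { serialNumber <INTEGER>, issuer rdnSequence:"<RFC 4514 DN string>" }
# Inside the quoted DN, a literal double quote is written as two ("").
_CEA = re.compile(
    r'\{ *serialNumber +(0|-?[1-9][0-9]*) *, *issuer +rdnSequence:"((?:[^"]|"")*)" *\}'
)

def format_cea(serial: int, issuer_dn: str) -> str:
    """Build the CertificateExactAssertion string for a serial and issuer DN."""
    escaped = issuer_dn.replace('"', '""')
    return f'{{ serialNumber {serial}, issuer rdnSequence:"{escaped}" }}'

def parse_cea(username: str) -> Tuple[int, str]:
    """Return (serial, issuer_dn); raise ValueError on anything malformed."""
    m = _CEA.fullmatch(username)  # fullmatch rejects trailing or leading junk
    if m is None:
        raise ValueError("not a CertificateExactAssertion")
    return int(m.group(1)), m.group(2).replace('""', '"')

def lookup_device(username: str, enrolled: Dict[Tuple[int, str], str]) -> Optional[str]:
    """Map a CEA username to an enrolled device; None if unknown or malformed.

    The key is (serial, issuer), so a reissued certificate with the same
    subject but a new serial does not match. Assumption: enrolled issuer DNs
    are stored in exactly the string form the server emits, since the
    comparison is a plain string match with no DN normalisation.
    """
    try:
        return enrolled.get(parse_cea(username))
    except ValueError:
        return None

# Constructed sample data, not taken from any real certificate.
SAMPLE_SERIAL = 1715004
SAMPLE_ISSUER = "CN=Example Device CA,O=Example Org,C=CA"
ENROLLED = {(SAMPLE_SERIAL, SAMPLE_ISSUER): "laptop-01"}

if __name__ == "__main__":
    name = format_cea(SAMPLE_SERIAL, SAMPLE_ISSUER)
    print(name, "->", lookup_device(name, ENROLLED))
```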