On Tue, 10 Jun 2008, Andre Rodier wrote:
> - I use only IMAPS to retrieve the mails.
> - I manage two domain names.
> - I use CA-Cert certificates.
> So, the question is: how to set up Dovecot to select the appropriate certificate according to the domain name I use when I retrieve mails using the IMAPS protocol?
Well, it is NOT possible, unless you use two different ways to connect to the IMAP server - which basically means you need two IP addresses or two port numbers.
Unfortunately, IMAP (and most other protocols out there) does not have the Virtual Hosting capability that HTTP has (with the Host attribute).
That means:
variant 1) IMAP over SSL: the client resolves the symbolic IMAP server name via DNS, then connects to a port on the numerical IP, then the SSL handshake takes place. There is no way for the server to know which cert to use, because no "domain name" is transferred to it. Then the user authenticates.
variant 2) IMAP with STARTTLS: the client resolves the symbolic IMAP server name via DNS, then connects to a port on the numerical IP, Dovecot returns the greeting, the client issues STARTTLS, then the SSL handshake takes place. There is no way for the server to know which cert to use, because no "domain name" is transferred to it. Then the user authenticates.
At least in variant 2) the IMAP standard could implement a way to pass the original host, but it doesn't. So the server must pick a certificate on its own.
Therefore, you cannot host virtual IMAPS servers, but need physically separate ones.
Bye,
Steffen Kaiser
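The workaround the reply describes, one listening IP address per domain with its own certificate, written out as a Dovecot configuration fragment. This is an added example and not from the thread or from the Dovecot project; it assumes the `local` block syntax of Dovecot 2.x (which the 2008-era setup in the thread did not have), and the addresses, hostnames and file paths are constructed placeholders.

```conf
# Added example (not from the thread): one certificate per listening IP.
# Assumes Dovecot 2.x "local" blocks; addresses and paths are placeholders.

# Each domain's DNS name must resolve to its own address, e.g.
#   imap.example.com -> 192.0.2.10
#   imap.example.org -> 192.0.2.11
listen = 192.0.2.10, 192.0.2.11

ssl = required
# Fallback certificate, used for any address without its own local block
ssl_cert = </etc/dovecot/ssl/default.pem
ssl_key  = </etc/dovecot/ssl/default.key

# Certificate presented to clients that connected to 192.0.2.10
local 192.0.2.10 {
  ssl_cert = </etc/dovecot/ssl/imap.example.com.pem
  ssl_key  = </etc/dovecot/ssl/imap.example.com.key
}

# Certificate presented to clients that connected to 192.0.2.11
local 192.0.2.11 {
  ssl_cert = </etc/dovecot/ssl/imap.example.org.pem
  ssl_key  = </etc/dovecot/ssl/imap.example.org.key
}
```

After reloading, `doveconf -n` shows the effective per-address settings, and connecting to each address separately (for example `openssl s_client -connect 192.0.2.10:993` and the same for 192.0.2.11) lets you confirm that the certificate subject or SAN matches the hostname clients will use for that address. The selection is driven purely by which IP the client connected to, which is exactly why each domain needs its own address.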