On 23.12.2011, at 1.10, Mike Abbott wrote:
How do I configure dovecot-2.0.x to present a client SSL certificate when proxying?
Set ssl_client_cert and ssl_client_key settings in dovecot.conf. Requires hg version, since these were added after v2.0.16.
If dovecot on server1.example.com has: passdb { driver = static args = proxy=y host=server2.example.com nopassword=y ssl=yes }
and dovecot on server2.example.com has: ssl_verify_client_cert = yes auth_ssl_require_client_cert = yes
then when a client connects to server1 and authenticates, a connection is established to server2 but the SSL handshake fails because server1 doesn't present a client certificate. I don't see where ssl_client_ctx is tied to a client certificate in ssl-proxy-openssl.c.
If you want some kind of automatic client certificate forwarding, I don't think that's possible even in theory since the private key is needed.