Hello everyone.
We are testing out Dovecot 2.4.0 and noticed a regression in how the
local_name filter with multiple space-separated host names works.
For example, having the following dovecot.conf:
...
ssl_server_cert_file = /etc/dovecot/global.cert
ssl_server_key_file = /etc/dovecot/global.key
ssl_server_dh_file = /etc/dovecot/dh.pem
...
local_name "server.example.com mail.example.com" {
  ssl_server_cert_file = /etc/dovecot/example.com.cert
  ssl_server_key_file = /etc/dovecot/example.com.key
}
local_name "good.example.org" {
  ssl_server_cert_file = /etc/dovecot/example.org.cert
  ssl_server_key_file = /etc/dovecot/example.org.key
}
...
Connection to server.example.com:993 (with SNI support) does not work
as expected. The global certificate from the global.cert file is
used, and validation fails.
However, connection to good.example.org:993 (with SNI support) works
fine. The example.org.cert file is used.
The doveconf tool thinks the example configuration should work,
hinting that this is likely to be a bug. Example:
# doveconf -f local_name=mail.example.com ssl_server
ssl_server {
cert_file = /etc/dovecot/example.com.cert
dh_file = /etc/dovecot/dh.pem
key_file = /etc/dovecot/example.com.key
}
The results show correct file paths, but the dovecot server is not
using them.
Any confirmation if this is really a bug, or maybe an intended configuration syntax change (to force repeating the local_name blocks for each hostname) would be really appreciated. Thanks.
-- Julius
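
A check for the symptom described above, added here as an example and not part of the original post or of Dovecot: it expands every local_name block into one entry per host name and compares the certificate actually served for each SNI name with the configured file. The function names, the regex-based parsing (flat blocks only) and the sample text are assumptions of this sketch.

```python
import hashlib, re, socket, ssl

# Constructed sample mirroring the dovecot.conf excerpt in the post.
SAMPLE_CONF = '''\
ssl_server_cert_file = /etc/dovecot/global.cert
local_name "server.example.com mail.example.com" {
  ssl_server_cert_file = /etc/dovecot/example.com.cert
}
local_name "good.example.org" {
  ssl_server_cert_file = /etc/dovecot/example.org.cert
}
'''
BLOCK = re.compile(r'^\s*local_name\s+"?([^"{\n]+?)"?\s*\{(.*?)^\s*\}', re.M | re.S)
CERT = re.compile(r'^\s*ssl_server_cert_file\s*=\s*(\S+)', re.M)
PEM = re.compile(r'-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----', re.S)

def expected_certs(conf):
    """Map each SNI name to the cert file set in its local_name block."""
    expected = {}
    for names, body in BLOCK.findall(conf):
        cert = CERT.search(body)
        for name in (names.split() if cert else []):
            expected[name] = cert.group(1)   # space-separated names share one block
    return expected

def pem_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file (the leaf of a chain)."""
    first = PEM.search(pem_text).group(0)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(first)).hexdigest()

def served_fingerprint(host, sni, port=993):
    """SHA-256 of the leaf certificate the server presents for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic only: the fingerprint is compared,
    ctx.verify_mode = ssl.CERT_NONE  # and the cert is needed even if validation fails
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def mismatches(expected, host):
    """SNI names whose served certificate differs from the configured file."""
    bad = []
    for name, path in expected.items():
        with open(path) as f:
            want = pem_fingerprint(f.read())
        if served_fingerprint(host, name) != want:
            bad.append(name)
    return bad
```

With the behaviour reported above, mismatches(expected_certs(conf_text), host) run on the server would list server.example.com and mail.example.com but not good.example.org.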