26 Oct 2016, 3:33 p.m.
On 26.10.2016 15:30, Arkadiusz Miśkiewicz wrote:
On Wednesday 26 of October 2016, Arkadiusz Miśkiewicz wrote:
What can be done to make it work, and how? I don't know the internals, but could Dovecot do a similar job as Exim? I mean keep the big config, store things as strings just like now:

local_name imap.example.com {
  ssl_cert = </etc/certs/cert1.pem
  ssl_key = </etc/certs/cert1.pem
}

but defer the actual certificate loading to the moment when the client connects and we know its TLS SNI name?
It is a non-trivial change, but we'll take note and see if it could be implemented. OpenSSL supports this via SSL_CTX_set_tlsext_servername_callback(), but doing it is another thing.
Aki
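
The deferred loading discussed in this message, sketched as an added example in Python's ssl module (not Dovecot or Exim code, and not from either poster). LazySNI, install and the LOCAL_NAMES table are hypothetical names; the paths are the ones from the quoted config.

```python
import ssl

# Constructed sample config: certificate and key paths kept as plain strings.
LOCAL_NAMES = {
    "imap.example.com": ("/etc/certs/cert1.pem", "/etc/certs/cert1.pem"),
}


def load_context(cert, key):
    """Read and parse one certificate/key pair from disk (the expensive step)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    return ctx


class LazySNI:
    """Hypothetical helper: loads a name's certificate on its first handshake."""

    def __init__(self, names, loader=load_context):
        self.names = {n.lower(): paths for n, paths in names.items()}
        self.loader = loader
        self.cache = {}

    def context_for(self, server_name):
        """Return the cached or freshly loaded context, or None if unknown."""
        if not server_name:
            return None                      # client sent no SNI extension
        name = server_name.lower().rstrip(".")
        if name not in self.names:
            return None                      # not configured: keep default cert
        if name not in self.cache:
            self.cache[name] = self.loader(*self.names[name])
        return self.cache[name]

    def callback(self, sslobj, server_name, default_ctx):
        """Signature required by ssl.SSLContext.sni_callback."""
        try:
            ctx = self.context_for(server_name)
        except OSError:                      # missing or invalid PEM (SSLError too)
            return ssl.ALERT_DESCRIPTION_INTERNAL_ERROR
        if ctx is not None:
            sslobj.context = ctx             # swap certificate for this connection
        return None                          # None lets the handshake continue


def install(default_ctx, names=LOCAL_NAMES):
    """Attach the lazy lookup to the listener's default context."""
    lazy = LazySNI(names)
    default_ctx.sni_callback = lazy.callback
    return lazy
```

With this design an unreadable or mismatched PEM file is only discovered when the first client asks for that name, so a separate configuration check that loads every pair once is still worth running before deployment.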