On Thu, 2004-07-15 at 00:22, Marcus Rueckert wrote:
Dovecot could support different certificates based on local or remote IPs. ssl_cert_file and ssl_key_file could contain %l and %r variables. That would require some changes though. Currently the login process initializes SSL and then chroots itself. Per-IP certificates would require dropping privileges only after the connection has been accepted, so the right certificate files could be opened.
I don't think it's worth the trouble. At least not yet.
How about binding dovecot to the specific IP and using a different cert for each dovecot instance?
btw: will there be some kind of IP-based vhosting within a single dovecot instance?
1.0-tests support "virtual servers", where this is possible:
    server foo {
      listen = 1.2.3.4
      ssl_cert_file = /etc/ssl/certs/foo.cer
    }
    server bar {
      listen = 1.2.3.5
      ssl_cert_file = /etc/ssl/certs/bar.cer
    }
But it creates separate login processes for each server, so it'd be nicer if each login process just listened on all interfaces and just selected the certificate based on what IP the client connected to.
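The selection step discussed in this message, as an added example (not Dovecot code and not part of the original e-mail): one listener on all interfaces, with the certificate path chosen from the local address after accept(). The %l/%r expansion rule, CERT_TEMPLATE and the function names are assumptions made for illustration.

```python
import ipaddress
import re
import socket
from pathlib import Path

CERT_DIR = Path("/etc/ssl/certs")         # directory used in the config above
CERT_TEMPLATE = "/etc/ssl/certs/%l.cer"   # hypothetical %l-style setting


def expand_cert_path(template: str, local_ip: str, remote_ip: str) -> Path:
    """Expand %l (local IP) and %r (remote IP) into a certificate path."""
    # Normalise through ipaddress so only an address literal, never a
    # path fragment, can end up in the file name.
    values = {"l": str(ipaddress.ip_address(local_ip)),
              "r": str(ipaddress.ip_address(remote_ip))}
    # Single pass: text inserted for %l is never rescanned for %r.
    path = Path(re.sub(r"%([lr])", lambda m: values[m.group(1)], template))
    if path.parent != CERT_DIR:
        raise ValueError(f"expanded path leaves {CERT_DIR}: {path}")
    return path


def cert_for_connection(conn: socket.socket,
                        template: str = CERT_TEMPLATE) -> Path:
    """Pick the certificate from the address the client connected to."""
    local_ip = conn.getsockname()[0]    # only known once accept() returned
    remote_ip = conn.getpeername()[0]
    return expand_cert_path(template, local_ip, remote_ip)


def demo() -> Path:
    """Listen on all interfaces, connect over loopback, choose the cert."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("0.0.0.0", 0))   # all interfaces, ephemeral port
        listener.listen(1)
        port = listener.getsockname()[1]
        with socket.create_connection(("127.0.0.1", port)):
            conn, _ = listener.accept()
            with conn:
                # A login process would open the cert and key files here
                # and only afterwards chroot and drop privileges.
                return cert_for_connection(conn)


if __name__ == "__main__":
    print(demo())
```
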