28 Sep
2009
28 Sep
'09
9:31 p.m.
On Tue, 2009-09-22 at 10:02 -0700, Florin Andrei wrote:
ssl_require_client_cert = yes remote_ip 192.168.0.0/16 { ssl_require_client_cert = no }
That's almost possible in v2.0.
"Almost"? :-)
Well, the problem is that this setting is checked by both auth process and login process. Login process can handle it, auth process can't. Hmm. A few possibilities:
Remove the check from auth process. It's probably not that useful. Then again it adds an extra layer of security. Hmm.
Implement per-IP settings for auth process. Some day.. :)
You can probably already kludge around it:
ssl_require_client_cert = no protocol imap { ssl_require_client_cert = yes remote_ip 192.168.0.0/16 { ssl_require_client_cert = no } }