30 Jun
2013
30 Jun
'13
5:56 p.m.
Ireneusz Szcześniak skrev den 2013-06-29 22:39:
With my config, Dovecot disallows logging in when the SSL connection was established by a client without a certificate. In this case the client gets to talk to Dovecot. The client could exploit potential Dovecot vulnerabilities.
fair
Instead, I want the SSL connection to be dropped by OpenSSL when the client doesn't authenticate with a certificate, and so the client doesn't get to talk with Dovecot. This is safer, because the client is dropped by the well-tested OpenSSL.
so far only a dream
-- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it