Auth-policy: auth_policy_server_url and https support
When using Auth policy server it doesn’t currently doesn’t support https.
In version 2.2.27: Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
and in version 2.3.devel Policy server HTTP error: 9002 Requested https connection, but no SSL settings given
dovecot.conf does have “ssl_client_ca_dir = /etc/ssl/certs” set.
Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config.
Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?
On January 6, 2017 at 11:03 PM gregc@olypensupport.com wrote:
When using Auth policy server it doesn’t currently doesn’t support https.
In version 2.2.27: Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
and in version 2.3.devel Policy server HTTP error: 9002 Requested https connection, but no SSL settings given
dovecot.conf does have “ssl_client_ca_dir = /etc/ssl/certs” set.
Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config.
Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?
I suppose so, and it should not do SSL tear up/down per auth, hopefully, since it reuses the same HTTP connections for 10 seconds.
Aki
participants (2)
-
Aki Tuomi
-
gregc@olypensupport.com