[Dovecot] Multiple SSL certs question
Hello;
I was reading the message "how to config dovecot for multiple domains, multiple SSL certs, and conditional IP access -- with passwd-file passdb?", and I was wondering if Dovecot could support the SNI extension of TLS?
SNI is Server Name Indication, where during the TLS negotiation the client sets the name of the server it tries to reach.
I don't know if any IMAP/POP client supports this yet, but this would be a great feature for one IP/multiple virtual domains. Each SNI client would have the correct certificate and not the "main/generic" one.
It seems that mutt has a patch for that: http://www.mail-archive.com/mutt-dev@mutt.org/msg05251.html
On Sat, 2009-10-24 at 13:35 +0200, Jean-Baptiste Vignaud wrote:
> Hello;
> I was reading the message "how to config dovecot for multiple domains, multiple SSL certs,

This works in v2.0, assuming you have separate IP for each.

> and conditional IP access -- with passwd-file passdb?",

http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets can be added to passwd-file extra fields.

> and I was wondering if Dovecot could support the SNI extension of TLS?

Oh, I didn't know this was already in OpenSSL. I'll see about adding support for it to v2.0. I'm not entirely sure how to make it configurable though. Perhaps instead of having:
local_ip 1.2.3.4 { ssl_cert =
I could replace those with:
local host.domain.org { ssl_cert =
and of course keep the IPs also working.

> Oh, I didn't know this was already in OpenSSL. I'll see about adding support for it to v2.0. I'm not entirely sure how to make it configurable though. Perhaps instead of having:
> local_ip 1.2.3.4 { ssl_cert =
> I could replace those with:
> local host.domain.org { ssl_cert =
> and of course keep the IPs also working.

This would be great!
I searched the Thunderbird bugzilla, and it seems that they support it: https://bugzilla.mozilla.org/show_bug.cgi?id=511921#c27

participants (2)
- Jean-Baptiste Vignaud
- Timo Sirainen