[Dovecot] ssl_require_client_cert = yes for encrypted connections only
Hi,
is there any way to get dovecot to use "ssl_require_client_cert = yes" for encrypted connections only? For unencrypted connections there can't be any client certificate, and I can't disable unencrypted connections altogether (I limit them by firewall to our own network).
Rainer Frey
Software Development
Inxmail GmbH Kaiser-Joseph-Str. 274, 79098 Freiburg, Germany
On Wed, 2006-05-10 at 14:40 +0200, Rainer Frey wrote:
is there any way to get dovecot to use "ssl_require_client_cert = yes" for encrypted connections only? For unencrypted connections there can't be any client certificate, and I can't disable unencrypted connections altogether (I limit them by firewall to our own network).
Not really currently, unless you run two Dovecots with separate configuration.
On Thursday 11 May 2006 10:59, Timo Sirainen wrote:
On Wed, 2006-05-10 at 14:40 +0200, Rainer Frey wrote:
is there any way to get dovecot to use "ssl_require_client_cert = yes" for encrypted connections only? For unencrypted connections there can't be any client certificate, and I can't disable unencrypted connections altogether (I limit them by firewall to our own network).
Not really currently, unless you run two Dovecots with separate configuration.
I'm actually gonna try this. Any hints what must be observed? I'll probably need a different base_dir, but what else? What about login_dir? Will this be relative to base_dir anyway, or do I have to set this separately? Will I perhaps different CONTROL or INDEX locations?
Rainer
Software Development
Inxmail GmbH http://www.inxmail.de
I guess you've already tried this, but here are the answers anyway:
On Tue, 2006-05-16 at 13:43 +0200, Rainer Frey wrote:
Not really currently, unless you run two Dovecots with separate configuration.
I'm actually gonna try this. Any hints what must be observed? I'll probably need a different base_dir, but what else? What about login_dir? Will this be relative to base_dir anyway, or do I have to set this separately?
login_dir is relative to base_dir by default.
Will I perhaps different CONTROL or INDEX locations?
Nope, as long as you're using same Dovecot versions.
On Sunday 11 June 2006 21:06, Timo Sirainen wrote:
I guess you've already tried this, but here are the answers anyway:
I did only for a small test on my notebook. Your information is still useful for me.
login_dir is relative to base_dir by default.
Good. I wasn't sure.
Will I perhaps [need] different CONTROL or INDEX locations?
Nope, as long as you're using same Dovecot versions.
Thanks, that makes it easier. I did use different locations in my test, and it worked; but it's good to know that it is not necessary.
BTW, this recently discussed patch for ssl doesn't change anything for the original question, does it?
Software Development
Inxmail GmbH Kaiser-Joseph-Str. 274, 79098 Freiburg, Germany
Tel +49 (0)761 / 296 979-0 Fax +49 (0)761 / 296 979-9 Web http://www.inxmail.de
Neu: Inxmail Professional 3.2! Fordern Sie Ihren Testaccount noch heute an: http://www.inxmail.de/data/web/testaccount/index.htm
participants (3)
-
Rainer Frey
-
Rainer Frey
-
Timo Sirainen