Accessing SSL parameters via dovecot variables
Hi all,
Dovecot supports variables, which can be used in filters.
Does the SSL code expose variables linked to the client certificate?
The answer today appears to be no, and if that’s true I plan to patch it, but just need to confirm I am not missing something.
Regards, Graham
On 2023-07-21 06:42, Graham Leggett via dovecot wrote:
> Hi all,
> Dovecot supports variables, which can be used in filters.
> Does the SSL code expose variables linked to the client certificate?
> The answer today appears to be no, and if that’s true I plan to patch it, but just need to confirm I am not missing something.
A little more insight into what you are looking for might help. Dovecot does expose a method, we use it for our 'Fingerprinting' system.
-- "Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada
On 24 Jul 2023, at 17:04, Michael Peddemors michael@linuxmagic.com wrote:
> On 2023-07-21 06:42, Graham Leggett via dovecot wrote:
>> Hi all,
>> Dovecot supports variables, which can be used in filters.
>> Does the SSL code expose variables linked to the client certificate?
>> The answer today appears to be no, and if that’s true I plan to patch it, but just need to confirm I am not missing something.
> A little more insight into what you are looking for might help. Dovecot does expose a method, we use it for our 'Fingerprinting' system.
We identify devices by the explicit certificate they present with, rather than the contents of the certificate they present with.
The following PR adds the ability to use the certificate itself as a username:
https://github.com/dovecot/core/pull/202
The format of the username is CertificateExactAssertion as defined in RFC4523 appendix A.1.
This matches the SSL_CLIENT_CERT_RFC4523_CEA variable exposed by Apache httpd.
Regards, Graham
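As an added illustration of the username format named in the message above (not part of the original post, and not code from Dovecot or the linked PR), this Python code builds a CertificateExactAssertion string from a certificate's serial number and issuer. The function names and the sample issuer are constructed for the example; it assumes the issuer is rendered as an RFC 4514 string with double quotes doubled for GSER, and that attribute type names are supplied by the caller.

```python
# Added example: format an RFC 4523 (appendix A.1) CertificateExactAssertion.
# Not Dovecot's or the PR's code; all names and sample values are constructed.

_SPECIAL = set('"+,;<>\\')  # characters RFC 4514 requires escaping anywhere

def escape_rfc4514(value: str) -> str:
    """Escape one attribute value per RFC 4514 section 2.4."""
    out = []
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif i == 0 and ch in " #":            # leading space or '#'
            out.append("\\" + ch)
        elif i == len(value) - 1 and ch == " ":  # trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def issuer_to_dn(rdns) -> str:
    """rdns: issuer in certificate order (most general RDN first), each RDN a
    list of (type, value) pairs. RFC 4514 prints the sequence reversed and
    joins the parts of a multi-valued RDN with '+'."""
    return ",".join(
        "+".join(f"{t}={escape_rfc4514(v)}" for t, v in rdn)
        for rdn in reversed(rdns)
    )

def serial_from_hex(text: str) -> int:
    """Normalise a hex serial as printed by many tools (e.g. '01:90')."""
    return int(text.replace(":", "").replace(" ", ""), 16)

def build_cea(serial: int, rdns) -> str:
    """The serial is a decimal INTEGER; the issuer is a quoted GSER string,
    so any double quote inside the DN string is doubled."""
    dn = issuer_to_dn(rdns).replace('"', '""')
    return f'{{ serialNumber {serial}, issuer rdnSequence:"{dn}" }}'

# Constructed sample issuer, in certificate order.
SAMPLE_ISSUER = [[("C", "GB")], [("O", "Example, Ltd")], [("CN", "Test CA")]]

if __name__ == "__main__":
    print(build_cea(serial_from_hex("01:90"), SAMPLE_ISSUER))
```

Because the assertion carries only issuer and serial number, two certificates with the same subject but different issuers or serials produce different strings.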
participants (2)
- Graham Leggett
- Michael Peddemors