[Dovecot] SSL Client Certificate Support
Bert Koelewijn
bert at rosanneke.com
Sun Oct 5 12:52:56 EEST 2003
Timo Sirainen wrote:
> I've thought about it before myself a few times. I'm not against such
> patch, but I don't think I'll implement it myself anytime soon.
Is there anything I can do to give this patch a higher priority?
>
> Doing this also worries me a bit. Wasn't the recent security hole in
> OpenSSL just in the client certificate parsing? SSL cert authentication
> would have to rely on OpenSSL (or GNUTLS).
OpenSSL have been audited many times, by many experts. If you trust
dovecot, I think you can trust OpenSSL too.
More information about the dovecot
mailing list