[Dovecot] REQUEST: Different port (protocol) should be able to use a different certificate.
NAJIMA Hiroki
najima at mickey.ai.kyutech.ac.jp
Wed Jan 12 17:20:25 EET 2005
Hello,
I want to use a different certificate for a different port (protocol).
I searched http://wiki.dovecot.org/ and the mail archives, but no such
mechanism was found.
Could you implement such a mechanism?
Or, if it is already implemented, please tell me how to do it.
I am assuming the following situation.
MailAddress: [users]@example.com
SMTP Server: smtp.example.com
POP3 Server: pop3.example.com
IMAP Server: imap.example.com
And
pop3, imap and smtp are aliases of real.example.com
When using IMAPS, the user connects to imap.example.com
When using POP3S, the user connects to pop3.example.com
But one certificate file certifies only one FQDN.
For example, if dovecot.conf contains:
protocols = imaps pop3s
ssl_cert_file = /etc/ssl/certs/imap.example.com.cert.pem
ssl_key_file = /etc/ssl/private/imap.example.com.key.pem
# imap.example.com.cert.pem's CN is imap.example.com
In this case, an MUA such as Thunderbird warns when connecting to pop3s because
the FQDN is different.
I have a simple idea for this problem.
dovecot.conf
protocols = imaps pop3s
- ssl_cert_file = /etc/ssl/certs/imap.example.com.cert.pem
- ssl_key_file = /etc/ssl/private/imap.example.com.key.pem
# certification for imaps
+ imaps_ssl_cert_file = /etc/ssl/certs/imap.example.com.cert.pem
+ imaps_ssl_key_file = /etc/ssl/private/imap.example.com.key.pem
# certification for pop3s
+ pop3s_ssl_cert_file = /etc/ssl/certs/pop3.example.com.cert.pem
+ pop3s_ssl_key_file = /etc/ssl/private/pop3.example.com.key.pem
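Review bot: The "-" lines remove the global ssl_cert_file and ssl_key_file, and the proposal does not say what a protocol without its own prefixed pair would use. Suggest keeping the global pair as the default and treating the imaps_ssl_* and pop3s_ssl_* settings as optional per-protocol overrides, so configurations that set only ssl_cert_file and ssl_key_file keep working.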
Dovecot uses imaps_ssl_cert/key whenever an MUA connects to the imaps port, and uses
pop3s_ssl_cert/key whenever an MUA connects to Dovecot's pop3s port.
Could you discuss it?
# If it was already discussed, please show me a pointer (URL) to that discussion.
Regards.
-----
NAJIMA Hiroki
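
The name check behind the client warning described in the post above, as an added example (not part of the original message and not Dovecot code). It goes slightly beyond the post by also checking a certificate that lists both hostnames and a wildcard certificate; the function names and the certificate name lists are constructed for illustration.

```python
"""Added example: the name check a mail client performs on the server certificate."""


def name_matches(hostname: str, pattern: str) -> bool:
    """Match one certificate DNS name against the host the client connected to.

    Follows the common RFC 6125 rules: comparison is case-insensitive and a
    wildcard is accepted only as the entire left-most label.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # "*" never spans more than one label
    if pat[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def warned_services(services: dict, cert_names: list) -> list:
    """Return the services whose hostname is not covered by any certificate name."""
    return sorted(
        proto for proto, host in services.items()
        if not any(name_matches(host, n) for n in cert_names)
    )


# Hostnames from the post; both are aliases of real.example.com.
SERVICES = {"imaps": "imap.example.com", "pop3s": "pop3.example.com"}

# Constructed certificate name lists (no real certificates are parsed here).
SINGLE_NAME = ["imap.example.com"]                    # the situation in the post
TWO_NAMES = ["imap.example.com", "pop3.example.com"]  # one certificate, two DNS names
WILDCARD = ["*.example.com"]

if __name__ == "__main__":
    for label, names in [("single name", SINGLE_NAME),
                         ("two names", TWO_NAMES),
                         ("wildcard", WILDCARD)]:
        missing = warned_services(SERVICES, names)
        print(label, "-> clients warn on:", missing or "none")
```
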