[Dovecot] 1.0rc26: ssl_verify_client=yes ?
Timo Sirainen
tss at iki.fi
Fri Mar 9 13:20:03 EET 2007
On 9.3.2007, at 11.40, Apostolis Papagiannakis wrote:
> I think replacing
> NID_commonName
> with
> NID_pkcs9_emailAddress ( or NID_subject_key_identifier, or
> NID_subject_alt_name)
> in login-common/ssl-proxy-openssl.c, line 527 would suffice.
> (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
> NID_commonName, buf, sizeof(buf)) < 0).
>
> Maybe I should post a complete patch if Timo is interested.
Well, not for v1.0 and even then it would have to be optional so it
wouldn't break existing systems.. I guess if this is done it should
rather be a setting that specifies which field is used for the username.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070309/8207ab08/attachment.pgp
More information about the dovecot
mailing list