[Dovecot] require SSL certs only for encrypted connections?

Timo Sirainen tss at iki.fi
Fri Aug 28 00:36:34 EEST 2009


On Thu, 2009-08-27 at 14:30 -0700, Florin Andrei wrote:
> Timo Sirainen wrote:
> > 
> > Hmm. Maybe the setting could have a new "with-ssl" option or something..
> 
> That would be awesome. If I'm not mistaken, it's a pretty common 
> situation to use certs on SSL but not require them on non-SSL. Kind of 
> makes sense to me at least.

Actually I don't really think this is useful. Even in your use case you
don't really want to require it with SSL connections, you want to
require it for connections from outside your intranet. A better way
would be to just do something like:

ssl_require_client_cert = yes
remote_ip 192.168.0.0/16 {
  ssl_require_client_cert = no
}

That's almost possible in v2.0.
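
An added example, not part of the original message and not Dovecot code: a small evaluator for the configuration sketched above, showing which client addresses would end up exempt from the client-certificate requirement. The most-specific-block-wins rule, the tie-break towards requiring a certificate, and the handling of IPv4-mapped IPv6 addresses are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: the configuration sketched in the message (syntax as
# proposed in the post, not a documented Dovecot format).
SAMPLE_CONFIG = """\
ssl_require_client_cert = yes
remote_ip 192.168.0.0/16 {
  ssl_require_client_cert = no
}
"""

def parse_policy(text):
    """Return (global_value, [(network, value), ...]) from the sketched syntax."""
    default, overrides, current = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        block = re.fullmatch(r"remote_ip\s+(\S+)\s*\{", line)
        setting = re.fullmatch(r"ssl_require_client_cert\s*=\s*(yes|no)", line)
        if block and current is None:
            current = ipaddress.ip_network(block.group(1))  # rejects host bits
        elif line == "}" and current is not None:
            current = None
        elif setting and current is None:
            default = setting.group(1) == "yes"
        elif setting:
            overrides.append((current, setting.group(1) == "yes"))
        else:
            raise ValueError(f"unrecognised line: {raw!r}")
    if default is None or current is not None:
        raise ValueError("missing global setting or unclosed remote_ip block")
    return default, overrides

def cert_required(policy, client_ip):
    """True if a client certificate is required for this source address."""
    default, overrides = policy
    addr = ipaddress.ip_address(client_ip)
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d; normalise
    # so the peer is compared against the IPv4 network it belongs to.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    # Longest prefix wins; on equal prefixes True sorts above False, so a
    # conflicting pair of blocks resolves to "certificate required".
    matches = [(net.prefixlen, value) for net, value in overrides
               if net.version == addr.version and addr in net]
    return max(matches)[1] if matches else default
```

The exemption is keyed on the source address the server sees, so any proxy or NAT that makes outside connections appear to come from 192.168.0.0/16 would also be exempted by such a rule.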
