[Dovecot] require SSL certs only for encrypted connections?
Florin Andrei
florin at andrei.myip.org
Tue Sep 22 20:02:18 EEST 2009
Timo Sirainen wrote:
> On Thu, 2009-08-27 at 14:30 -0700, Florin Andrei wrote:
>> Timo Sirainen wrote:
>>> Hmm. Maybe the setting could have a new "with-ssl" option or something..
>> That would be awesome. If I'm not mistaken, it's a pretty common
>> situation to use certs on SSL but not require them on non-SSL. Kind of
>> makes sense to me at least.
>
> Actually I don't really think this is useful. Even in your use case you
> don't really want to require it with SSL connections, you want to
> require it for connections outside from your intranet. A better way
> would be to just do something like:
>
> ssl_require_client_cert = yes
> remote_ip 192.168.0.0/16 {
> ssl_require_client_cert = no
> }
>
> That's almost possible in v2.0.

"Almost"? :-)

I would go through the trouble of packaging up Dovecot 2.0 for Ubuntu
and upgrading it on my server, if it truly worked.

--
Florin Andrei
http://florin.myip.org/