[Dovecot] proxying, SSL, and client certificate

Mike Abbott michael.abbott at apple.com
Fri Dec 23 01:10:52 EET 2011


How do I configure dovecot-2.0.x to present a client SSL certificate when proxying?

If dovecot on server1.example.com has:
passdb {
  driver = static
  args = proxy=y host=server2.example.com nopassword=y ssl=yes
}

and dovecot on server2.example.com has:
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = yes

then when a client connects to server1 and authenticates, a connection is established to server2 but the SSL handshake fails because server1 doesn't present a client certificate.  I don't see where ssl_client_ctx is tied to a client certificate in ssl-proxy-openssl.c.

Thanks.


