TLS communication director -> backend with X.509 cert checks?
Heiko Schlittermann
hs at schlittermann.de
Tue Oct 13 23:10:20 UTC 2015
Heiko Schlittermann <hs at schlittermann.de> (Mi 14 Okt 2015 00:46:11 CEST):
…
>
> And if I add -D to the director service, I can see "Debug: request <hash> refreshed timeout to …",
> but never I see "Debug: request <hash> added". And from what I
> understand this would be the place where the mail_host info comes into
> the game.
>
> But probably I do not understand how director_request_continue() is
> supposed to work.
Ah, the information comes from the other director running. The other one
is using an unpatched version of dovecot.
If I shutdown the other director instance, it seems to work.
Tomorrow I'll do more testing. Good work, thank you.
BTW: I've put there an IPv6 address into the director_servers list (not
an DNS name).
director_servers = 2001:x:y:f33::5:1
…
inet_listener {
address = ::
port = 9090
}
it doesn't recognize itself:
Oct 14 01:06:13 director1 dovecot: director: Fatal: director_servers doesn't list ourself
director_servers = 2001:x:y:f33::5:1:9090
…
inet_listener {
address = ::
port = 9090
}
works, but is ambigous, isn't it? Shouldn't we use [2001:x:y:f33::5:1]:9090
in such a case? But: *Unknown director host: [2001:x:y:f33::5:1]*
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20151014/b7762112/attachment.sig>
More information about the dovecot
mailing list