Multiple names in local_name for UCC certificates (was lazy-load SNI?)

J. Nick Koston nick at cpanel.net
Thu Dec 1 07:44:03 UTC 2016


Hi Aki & Felipe,

Attached is an implementation of supporting multiple domains in local_name.

Example

local_name "mail.domain.tld domain.tld mx.domain.tld" { ... }

This can significantly reduce memory usage when using
a UCC certificate with multiple names by only loading
the certificate and key once.



And the pull request:

https://github.com/dovecot/core/pull/24

Thanks
-Nick


> On Nov 17, 2016, at 5:27 AM, J. Nick Koston <nick at cpanel.net> wrote:
> 
> Aki,
> 
> Multiple local_names would be ideal to accommodate certificates that have multiple names. The way I’m reading the code, it looks like it's having to pay for the memory for every name on the certificate because a unique CTX is being created for each name even if they are all on a single certificate.
> 
> This would be a big memory win for anyone using a certificate with multiple names on it.
> 
> Thanks
> -Nick
> cPanel Inc
> 
> 
>>> 
>> 
>> Dear Aki et al.,
>> 
>> 	How straightforward would it be to implement the following or similar syntax:
>> 
>> local_name foo.tld www.foo.tld mail.foo.tld bar.tld {
>>   ...
>> }
>> 
>> ??
>> 
>> 	Thank you!
>> 
>> -FG
>> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-config-Match-multiple-names-in-local_name.patch
Type: application/octet-stream
Size: 1579 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20161130/a286fc29/attachment-0001.obj>
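An added example, not the attached patch or any Dovecot code: one way a server could test a TLS SNI host name against a space-separated local_name value such as the one in the message above. The function names are hypothetical, and exact, ASCII case-insensitive matching with no wildcard support is an assumption.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASCII case-insensitive comparison of exactly n bytes. */
static bool eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    }
    return true;
}

/* Hypothetical helper, not a Dovecot function: true when the SNI host
 * name equals one whole token of a whitespace-separated local_name value. */
bool local_name_matches(const char *names, const char *sni)
{
    if (names == NULL || sni == NULL || *sni == '\0')
        return false;
    size_t sni_len = strlen(sni);

    while (*names != '\0') {
        /* Skip the separators in front of the next name. */
        while (isspace((unsigned char)*names))
            names++;
        /* Measure the current name. */
        size_t len = 0;
        while (names[len] != '\0' && !isspace((unsigned char)names[len]))
            len++;
        /* Compare whole tokens only: equal length first, then bytes, so
         * "domain.tld" is not found inside "mail.domain.tld". */
        if (len == sni_len && eq_nocase(names, sni, len))
            return true;
        names += len;
    }
    return false;
}

int main(void)
{
    /* Constructed input: the local_name value from the message above. */
    const char *names = "mail.domain.tld domain.tld mx.domain.tld";
    printf("%d %d\n", local_name_matches(names, "MX.domain.tld"),
           local_name_matches(names, "www.domain.tld"));
    return 0;
}
```

Matching on whole tokens matters here because a prefix or substring comparison would let a name the certificate does not cover select that certificate's block.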