Multiple names in local_name for UCC certificates (was lazy-load SNI?)
Aki Tuomi
aki.tuomi at dovecot.fi
Thu Dec 1 07:45:16 UTC 2016
Thank you, we'll start looking at this.
Aki
On 01.12.2016 09:44, J. Nick Koston wrote:
> Hi Aki & Felipe,
>
> Attached is an implementation of supporting multiple domains in local_name.
>
> Example
>
> local_name "mail.domain.tld domain.tld mx.domain.tld" { ... }
>
> This can significantly reduce memory usage when using
> a UCC certificate with multiple names by only loading
> the certificate and key once.
>
>
>
> And the pull request…..
>
> https://github.com/dovecot/core/pull/24 <https://github.com/dovecot/core/pull/24>
>
> Thanks
> -Nick
>
>
>> On Nov 17, 2016, at 5:27 AM, J. Nick Koston <nick at cpanel.net> wrote:
>>
>> Aki,
>>
>> Multiple local_names would be ideal to accommodate certificates that have multiple names. The way I’m reading the code it looks like its having to pay for the memory for every name on the certificate because a unique CTX is being created for each name even if they are all on a single certificate.
>>
>> This would be a big memory win for anyone using a certificate with multiple names on it.
>>
>> Thanks
>> -Nick
>> cPanel Inc
>>
>>
>>> Dear Aki et al.,
>>>
>>> How straightforward would it be to implement the following or similar syntax:
>>>
>>> local_name foo.tld www.foo.tld mail.foo.tld bar.tld {
>>> ...
>>> }
>>>
>>> ??
>>>
>>> Thank you!
>>>
>>> -FG
>>>
>>> ------------------------------
>>>
>>> Subject: Digest Footer
>>>
>>> _______________________________________________
>>> dovecot mailing list
>>> dovecot at dovecot.org
>>> http://dovecot.org/cgi-bin/mailman/listinfo/dovecot
>>>
>>> ------------------------------
>>>
>>> End of dovecot Digest, Vol 163, Issue 34
>>> ****************************************
>
More information about the dovecot
mailing list