lazy-load SNI?

Arkadiusz Miśkiewicz arekm at maven.pl
Fri Nov 11 17:17:59 UTC 2016


On Friday 11 of November 2016, Aki Tuomi wrote:

> If you are interested in testing, please find patch attached that allows
> you to specify
> 
> local_name *.foo.bar {
> }
> 
> or
> 
> local_name *.*.foo.bar {
> }
> 
> so basically you can now use certificate name matching rules for
> local_name. It made most sense.

Great! Seems to be working fine for my usage and makes my configs 50% smaller 
(which is a gigantic improvement). Will do more testing though.

Thanks!



What about the problem of dovecot stopping processing new clients when a reload 
is in progress - is it possible to make it behave better? To minimize (or avoid) 
"downtime".

How to reproduce - just create a config file with 20 000 - 50 000 entries

local_name hostX....example.com {
  ssl_cert = </etc/certs/cert.pem
  ssl_key = </etc/certs/cert.pem
}

where cert.pem contains some full chain (CA cert + intermediate + cert + key).

Start dovecot and then doveadm reload should take a long time, enough to 
notice that dovecot stops processing clients.

> Aki Tuomi
> Dovecot oy

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
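
Added example, not part of the original message and not Dovecot code: a label-by-label matcher for the wildcard local_name patterns quoted above, useful for checking which blocks would cover a given SNI name. It assumes each "*" stands for exactly one DNS label, as the two quoted patterns suggest; the function names and the exact name mail.foo.bar are made up for illustration.

```python
# Added illustration; not Dovecot code. Assumption: each "*" in a local_name
# pattern stands for exactly one DNS label, as in certificate wildcard matching.


def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def local_name_matches(pattern, sni_name):
    """Return True if sni_name is covered by pattern, label by label."""
    p, n = _labels(pattern), _labels(sni_name)
    if len(p) != len(n) or "" in n:
        return False  # "*" never spans several labels or an empty one
    return all(pl == "*" or pl == nl for pl, nl in zip(p, n))


def matching_blocks(patterns, sni_name):
    """List the configured local_name patterns that cover sni_name."""
    return [p for p in patterns if local_name_matches(p, sni_name)]


# Constructed sample: the two patterns from the quoted message plus one
# hypothetical exact name.
PATTERNS = ["*.foo.bar", "*.*.foo.bar", "mail.foo.bar"]

if __name__ == "__main__":
    for name in ["mail.foo.bar", "a.b.foo.bar", "foo.bar",
                 "MAIL.Foo.Bar.", "xfoo.bar"]:
        print(name, "->", matching_blocks(PATTERNS, name))
```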

