lazy-load SNI?

Aki Tuomi aki.tuomi at dovecot.fi
Fri Nov 11 18:00:04 UTC 2016



On 11.11.2016 19:17, Arkadiusz Miśkiewicz wrote:
> On Friday 11 of November 2016, Aki Tuomi wrote:
>
>> If you are interested in testing, please find patch attached that allows
>> you to specify
>>
>> local_name *.foo.bar {
>> }
>>
>> or
>>
>> local_name *.*.foo.bar {
>> }
>>
>> so basically you can now use certificate name matching rules for
>> local_name. It made most sense.
> Great! Seems to be working fine for my usage and makes my configs 50% smaller
> (which is a gigantic improvement). Will do more testing though.
>
> Thanks!
>
>
>
> What about the problem of dovecot stopping processing new clients when a reload
> is in progress - is it possible to make it behave better? To minimize (or avoid)
> "downtime".
>
> How to reproduce - just create a config file with 20 000 - 50 000 entries
>
> local_name hostX....example.com {
>    ssl_cert = </etc/certs/cert.pem
>    ssl_key = </etc/certs/cert.pem
> }
>
> where cert.pem contains some full chain (CA cert + intermediate + cert + key).
>
> Start dovecot and then doveadm reload should take a long time. Enough for
> noticing that dovecot stops processing clients.
>
>> Aki Tuomi
>> Dovecot oy

That is something that will happen later. Can't give any date, but it's 
in our internal tasklist.

Aki
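
The wildcard local_name matching discussed in this thread, as an added sketch that is not part of the original message and not Dovecot's own code. It assumes each "*" label matches exactly one DNS label, as in certificate name matching, and that the first matching block wins; the certificate paths are hypothetical.

```python
# Added illustration: certificate-style matching of an SNI name against
# local_name patterns. Not Dovecot's implementation; the rules are assumptions.

# Constructed sample: (local_name pattern, certificate path); paths are hypothetical.
BLOCKS = [
    ("*.foo.bar", "/etc/certs/one-level.pem"),
    ("*.*.foo.bar", "/etc/certs/two-level.pem"),
]


def _labels(name):
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, sni):
    """True if sni matches pattern, compared label by label.

    Assumed rule: a label that is exactly '*' matches any single non-empty
    label, so the pattern and the name must have the same number of labels.
    """
    p_labels, s_labels = _labels(pattern), _labels(sni)
    if len(p_labels) != len(s_labels):
        return False
    return all(s and (p == "*" or p == s) for p, s in zip(p_labels, s_labels))


def select_cert(blocks, sni):
    """Return the certificate path of the first matching block, else None.

    First-match-in-listed-order is an assumption made for this sketch.
    """
    for pattern, cert in blocks:
        if name_matches(pattern, sni):
            return cert
    return None


if __name__ == "__main__":
    for host in ("imap.foo.bar", "a.b.foo.bar", "foo.bar", "imap.example.com"):
        print(host, "->", select_cert(BLOCKS, host))
```

Under these rules "*.foo.bar" does not cover "foo.bar" itself or "a.b.foo.bar", so each depth of subdomain needs its own pattern.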

