lazy-load SNI?

Arkadiusz Miśkiewicz arekm at maven.pl
Fri Nov 11 18:12:07 UTC 2016


On Friday 11 of November 2016, Aki Tuomi wrote:
> On 11.11.2016 19:17, Arkadiusz Miśkiewicz wrote:
> > On Friday 11 of November 2016, Aki Tuomi wrote:
> >> If you are interested in testing, please find patch attached that allows
> >> you to specify
> >> 
> >> local_name *.foo.bar {
> >> }
> >> 
> >> or
> >> 
> >> local_name *.*.foo.bar {
> >> }
> >> 
> >> so basically you can now use certificate name matching rules for
> >> local_name. It made most sense.
> > 
> > Great! Seems to be working fine for my usage and makes my configs 50%
> > smaller (which is a gigantic improvement). Will do more testing though.
> > 
> > Thanks!
> > 
> > 
> > 
> > What about the problem of dovecot stopping processing new clients when a
> > reload is in progress - is it possible to make it behave better? To minimize
> > (or avoid) "downtime".
> > 
> > How to reproduce - just create a config file with 20 000 - 50 000 entries
> > 
> > local_name hostX....example.com {
> > 
> >    ssl_cert = </etc/certs/cert.pem
> >    ssl_key = </etc/certs/cert.pem
> > 
> > }
> > 
> > where cert.pem contains some full chain (CA cert + intermediate + cert +
> > key).
> > 
> > Start dovecot and then doveadm reload should take a long time. Enough for
> > noticing that dovecot stops processing clients.
> > 
> >> Aki Tuomi
> >> Dovecot oy
> 
> That is something that will happen later. Can't give any date, but it's
> in our internal tasklist.

Ok, thanks.

Just making sure that this (stopping processing clients) and lazy-loading of
thousands of SSL certs itself are treated by the dovecot team as two separate
issues (and tons of SSL certs simply help to notice the first issue).

And I was hoping that the stopping-processing-clients issue is easy/easier to
solve (but looks like that's not the case).

> Aki


-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
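
The wildcard forms quoted in the thread above (`*.foo.bar`, `*.*.foo.bar`), as an added example that is not part of the original message, the attached patch or Dovecot's code: a Python sketch of certificate-style name matching, used to check which hostnames a set of wildcard `local_name` patterns would cover before per-host blocks are dropped. It assumes each `*` stands for exactly one whole DNS label and that comparison is case-insensitive; the function names and sample hostnames are constructed.

```python
"""Certificate-style wildcard matching for SNI names (illustrative sketch)."""


def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def sni_matches(pattern, hostname):
    """True if hostname matches pattern, with '*' covering exactly one label.

    Assumption: a '*' label never spans a dot and never matches an empty
    label, as with wildcard certificates.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    return all(pl == "*" or pl == hl for pl, hl in zip(p, h))


def uncovered(hostnames, patterns):
    """Hostnames no pattern matches, i.e. ones that still need their own block."""
    return [h for h in hostnames
            if not any(sni_matches(p, h) for p in patterns)]


# Constructed sample data: names a per-host config might have listed.
HOSTS = ["mail.foo.bar", "IMAP.foo.bar", "a.b.foo.bar", "foo.bar",
         "mail.foo.bar.example.net"]
PATTERNS = ["*.foo.bar", "*.*.foo.bar"]

if __name__ == "__main__":
    for host in HOSTS:
        hits = [p for p in PATTERNS if sni_matches(p, host)]
        print(f"{host:28} -> {hits or 'no wildcard block'}")
    print("still need explicit local_name:", uncovered(HOSTS, PATTERNS))
```

Under these assumptions the bare domain and a name that merely contains `foo.bar` in the middle are not covered by either wildcard, so they would still need their own `local_name` block.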

