ssl_verify_server_cert against SAN?
Aki Tuomi
aki.tuomi at open-xchange.com
Thu Apr 18 11:52:00 EEST 2019
> On 18 April 2019 11:34 TG Servers via dovecot <dovecot at dovecot.org> wrote:
>
>
> Hi,
>
> when using ssl_verify_server_cert in mysql connection string, is the cert verified also against SAN (DNS and IP)?
> Because this doesn't seem to work. I get a certification verification error in handshake when connecting via IP.
> But the cert is good as the connection via IP (and IP in the SAN of the cert) works from other applications verifying.
>
> Thanks.
>
Dovecot does consider SAN names too, but for MySQL driver, we use MYSQL_OPT_SSL_VERIFY_SERVER_CERT setting. Then you need to use ssl_ca or ssl_ca_path in the mysql driver config file to point to acceptable CAs.
Aki
More information about the dovecot
mailing list