Cert for ip range?

Mark Moseley moseleymark at gmail.com
Wed Nov 27 21:28:34 EET 2019


On Tue, Nov 26, 2019 at 11:22 PM Aki Tuomi via dovecot <dovecot at dovecot.org>
wrote:

>
> On 21.11.2019 23.57, Marc Roos via dovecot wrote:
> > Is it possible to configure a network for a cert instead of an ip?
> >
> > Something like this:
> >
> > local 192.0.2.0 {
> >     ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem
> >     ssl_key  = </etc/ssl/dovecot/imap-02.example.com.key.pem
> > }
> >
> > Or
> >
> > local 192.0.2.0/24 {
> >     ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem
> >     ssl_key  = </etc/ssl/dovecot/imap-02.example.com.key.pem
> > }
> >
> > https://wiki.dovecot.org/SSL/DovecotConfiguration
> >
> >
> >
>
> Local part supports that.
>
> Aki
>


On the same topic (though I can start a new thread if preferable), it
doesn't appear that you can use wildcards/patterns in the 'local' name,
unless I'm missing something--which is quite likely.

If it's not possible currently, can I suggest adding that as a feature?
That is, instead of having to list out all the various SNI hostnames that a
cert should be used for (e.g. "local pop3.example.com imap.example.com
pops.example.com pop.example.com .... {" -- and on and on), it'd be handy
to be able to just say "local *.example.com {" and call it a day. I imagine
there'd be a bit of a slowdown, since you'd have to loop through patterns
on each connection (instead of what I assume is a hash lookup), esp for
people with significant amounts of 'local's.
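
[Added example, not part of the original message and not Dovecot code.] A sketch of the lookup cost raised above, assuming the certificate-style rule that "*" stands for exactly one leftmost label: under that rule a wildcard entry can be resolved with one extra hash lookup instead of a loop over patterns. The CertSelector class, its methods and the default/wildcard cert paths are hypothetical.

```python
# Added illustration; not Dovecot source. Class name and sample paths are constructed.

def normalize(name):
    """Lowercase and drop a trailing dot; SNI names compare case-insensitively."""
    return name.rstrip(".").lower()


class CertSelector:
    def __init__(self, default):
        self.default = default
        self.exact = {}     # "imap.example.com" -> cert path
        self.wildcard = {}  # "example.com" (from "*.example.com") -> cert path

    def add(self, names, cert):
        """Register one entry; `names` is a space-separated hostname list."""
        for raw in names.split():
            name = normalize(raw)
            if name.startswith("*.") and "*" not in name[2:] and name[2:]:
                self.wildcard[name[2:]] = cert
            elif "*" in name:
                # Reject "im*p.example.com", "*.*.com", "*." and similar.
                raise ValueError("wildcard must be the whole leftmost label: " + raw)
            else:
                self.exact[name] = cert

    def select(self, sni):
        """Pick a cert for an SNI name with at most two dictionary lookups."""
        if not sni:
            return self.default  # client sent no SNI
        name = normalize(sni)
        if name in self.exact:
            return self.exact[name]  # an exact entry beats a wildcard
        # Strip exactly one label and look up the remainder, so the cost
        # does not grow with the number of wildcard entries.
        label, dot, parent = name.partition(".")
        if label and dot and parent in self.wildcard:
            return self.wildcard[parent]
        return self.default


DEFAULT = "/etc/ssl/dovecot/default.pem"                 # constructed path
WILDCARD = "/etc/ssl/dovecot/wildcard.example.com.pem"   # constructed path
EXACT = "/etc/ssl/dovecot/imap-02.example.com.cert.pem"  # path from the thread

selector = CertSelector(DEFAULT)
selector.add("*.example.com", WILDCARD)
selector.add("imap-02.example.com", EXACT)
```

Names more than one label below the wildcard (a.b.example.com) and the bare domain (example.com) fall through to the default, which mirrors how a "*.example.com" certificate itself would validate.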