[Dovecot] Problem with requiring client certificates for external connections

Timo Sirainen tss at iki.fi
Wed Dec 29 19:52:27 EET 2010


On Sat, 2010-12-25 at 11:38 +0000, Bojan Smojver wrote:
> Frank Crawford <frank <at> crawford.emu.id.au> writes:
> 
> > I'm trying to configure my dovecot installation to require client
> > certificates for external/Internet connections, while still allowing
> > my local network to not need certificates.
> 
> Exactly the same problem here on exactly the same platform (F-14), although I
> used slightly different config directives (local <remoteIP>).

I already answered Bojan privately, here's for Frank & others too:

This is more of a missing feature than a bug.. Combined with not being
very obvious that it won't work.. I'll try to figure out what to do
about it, but the problem anyway is that auth settings aren't currently
supported inside local/remote {} blocks, and ssl_require_client_cert is
an auth setting (but ssl_verify_client_cert is handled by login process,
so that works).

I'll either implement local/remote blocks to work with auth settings, or
make it fail with an error that it won't work.
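
An added example, not part of the message above and not Dovecot code: a small Python check that scans a Dovecot-style config for auth settings placed inside local/remote {} blocks, where the message says they are not supported. Treating every key with an auth_ prefix as an auth setting is an assumption, and the sample config is constructed for illustration.

```python
import re

# Setting named in the message; keys with the auth_ prefix are also flagged (assumption).
AUTH_KEYS = {"ssl_require_client_cert"}
SCOPED = {"local", "remote"}


def find_ignored_auth_settings(conf_text):
    """Return (line_no, enclosing_block, key) for auth settings inside local/remote {}."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        m = re.match(r"^(\w+)(?:\s+(\S+))?\s*\{$", line)  # "name [arg] {"
        if m:
            stack.append((m.group(1), m.group(2) or ""))
            continue
        m = re.match(r"^(\w+)\s*=", line)  # "key = value"
        if m:
            key = m.group(1)
            # innermost enclosing local/remote block, even through nested blocks
            scope = next((s for s in reversed(stack) if s[0] in SCOPED), None)
            if scope and (key in AUTH_KEYS or key.startswith("auth_")):
                findings.append((no, " ".join(scope).strip(), key))
    return findings


# Constructed sample (not from the thread): LAN exempt, other clients must present a cert.
SAMPLE = """\
ssl_verify_client_cert = no
remote 192.168.0.0/24 {
  ssl_verify_client_cert = no
}
remote 0.0.0.0/0 {
  ssl_verify_client_cert = yes     # handled by the login process, so this works
  ssl_require_client_cert = yes    # auth setting, not supported inside this block
}
"""

if __name__ == "__main__":
    for no, scope, key in find_ignored_auth_settings(SAMPLE):
        print(f"line {no}: '{key}' inside '{scope} {{}}' is an auth setting; "
              "do not rely on it being enforced there")
```
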
