[Dovecot] Problem with requiring client certificates for external connections
Frank Crawford
frank at crawford.emu.id.au
Thu Dec 30 07:33:14 EET 2010
Timo,
Thanks, while I'd like it to work in a remote block, knowing the limits
one way or the other is more important.
BTW, what is the difference between "ssl_require_client_cert" and
"auth_ssl_require_client_cert", since both are known to Dovecot.
Thanks
Frank
On Wed, 2010-12-29 at 19:52 +0200, Timo Sirainen wrote:
> On Sat, 2010-12-25 at 11:38 +0000, Bojan Smojver wrote:
> > Frank Crawford <frank <at> crawford.emu.id.au> writes:
> >
> > > I'm trying to configure my dovecot installation to require client
> > > certificates for external/Internet connections, while still allowing
> > > my local network to not need certificates.
> >
> > Exactly the same problem here on exactly the same platform (F-14), although I
> > used a slightly different config directives (local <remoteIP>).
>
> I already answered Bojan privately, here's for Frank & others too:
>
> This is more of a missing feature than a bug.. Combined with not being
> very obvious that it won't work.. I'll try to figure out what to do
> about it, but the problem anyway is that auth settings aren't currently
> supported inside local/remote {} blocks, and ssl_require_client_cert is
> an auth setting (but ssl_verify_client_cert is handled by login process,
> so that works).
>
> I'll either implement local/remote blocks to work with auth settings, or
> make it fail with an error that it won't work.
>
More information about the dovecot
mailing list