I'm trying to build up a Horde/IMP installation secured by using SSL
certificates on both sides (server and client). I have no trouble using
the client cert to authenticate to Horde, and I have no trouble using
the client cert to authenticate _directly_ to Cyrus IMAP (which is
obviously my IMAP backend). I'm running all this on Linux, using
OpenSSL, and the IMAP toolkit was built using "make slx" with SSLTYPE
set to unix.nopwd.
What I cannot do (yet) is get IMP to pass the certificate it received
from Apache along as part of the TLS negotiation when it tries to
connect to the IMAP server. IMP uses the PHP imap extension, which in
turn uses c-client (and yes, I'm running the latest c-client and PHP).
The documentation on c-client is sparse... but I do see a mail_parameter
setting for SSLCERTIFICATEQUERY. I cannot find any docs or examples that
would show me what this is for, though, so I figured I'd ask here.
Is there any way currently to get c-client to accept a client
certificate (PEM-encoded string representation) and pass it along when
OpenSSL asks for it during the TLS negotiation?
--
------------------------------------------------------------------
For information about this mailing list, and its archives, see:
http://www.washington.edu/imap/c-client-list.html
------------------------------------------------------------------
- Re: c-client support for client certificates? Kevin P. Fleming
- Re: c-client support for client certificates? Mark Crispin
- Re: c-client support for client certificates? Kevin P. Fleming
- Re: c-client support for client certificates... Mark Crispin
