On 26.10.2016 15:30, Arkadiusz Miśkiewicz wrote:
On Wednesday 26 of October 2016, Arkadiusz Miśkiewicz wrote:
What can be done to make it work and how?
Don't know the internals - but could dovecot do a similar job to exim? I mean keep
the big config, store things as strings just like now:

local_name imap.example.com {
ssl_cert = </etc/certs/cert1.pem
ssl_key = </etc/certs/cert1.pem
}

but defer the actual certificate loading to the moment when a client connects and we
know its TLS SNI name?


It is a non-trivial change, but we'll take note and see if it could be implemented. OpenSSL supports this via SSL_CTX_set_tlsext_servername_callback(), but doing it is another thing.

Aki
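
The deferred loading discussed in this thread, as an added sketch that is not part of the original messages and is not dovecot code. It uses Python's ssl module, which exposes the OpenSSL servername callback as SSLContext.sni_callback; the names SNI_CONFIG, load_context and LazySNI are hypothetical.

```python
import ssl

# Constructed sample config: certificate and key paths kept as plain strings,
# as in the local_name block quoted above. Nothing is read from disk at startup.
SNI_CONFIG = {
    "imap.example.com": ("/etc/certs/cert1.pem", "/etc/certs/cert1.pem"),
}


def load_context(cert_path, key_path):
    """Default loader: reads the certificate and key only when called."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx


class LazySNI:
    """Builds the per-name SSLContext on first use, then serves it from a cache."""

    def __init__(self, config, loader=load_context):
        self._config = {name.lower(): paths for name, paths in config.items()}
        self._loader = loader
        self._cache = {}

    def context_for(self, server_name):
        """Return the context for an SNI name, or None if it is not configured."""
        name = (server_name or "").lower().rstrip(".")
        if name not in self._config:
            return None
        if name not in self._cache:
            # First client for this name: the certificate is loaded now.
            self._cache[name] = self._loader(*self._config[name])
        return self._cache[name]

    def sni_callback(self, sslobj, server_name, _initial_ctx):
        """Assign to SSLContext.sni_callback on the listening context."""
        try:
            ctx = self.context_for(server_name)
        except (OSError, ssl.SSLError):
            # Unreadable or invalid certificate: fail this handshake only.
            return ssl.ALERT_DESCRIPTION_INTERNAL_ERROR
        if ctx is not None:
            sslobj.context = ctx
        return None  # unknown or absent name: keep the default certificate
```

Wire it up with `listener_ctx.sni_callback = LazySNI(SNI_CONFIG).sni_callback`; the listening context still needs a default certificate for clients that send no SNI name.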
