On Friday 11 of November 2016, Aki Tuomi wrote: > If you are interested in testing, please find patch attached that allows > you to specify > > local_name *.foo.bar { > } > > or > > local_name *.*.foo.bar { > } > > so basically you can now use certificate name matching rules for > local_name. It made most sense.
Great! Seems to be working fine for my usage and makes my configs 50% smaller (which is gigantic improvement). Will do more testing though. Thanks! What about dovecot stopping processing new clients when reload is in progress problem - is it possible to make it behave better? To minimize (or avoid) "downtime". How to reproduce - just create config file with 20 000 - 50 000 entries local_name hostX....example.com { ssl_cert = </etc/certs/cert.pem ssl_key = </etc/certs/cert.pem } where cert.pem contains some full chain (CA cert + intermediate + cert + key). Start dovecot and then doveadm reload should take long time. Enough for noticing that dovecot stops processing clients. > Aki Tuomi > Dovecot oy -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )