On 11.11.2016 19:17, Arkadiusz Miśkiewicz wrote:
On Friday 11 of November 2016, Aki Tuomi wrote:
If you are interested in testing, please find patch attached that allows
you to specify
local_name *.foo.bar {
}
or
local_name *.*.foo.bar {
}
so basically you can now use certificate name matching rules for
local_name. It made most sense.
Great! Seems to be working fine for my usage and makes my configs 50% smaller
(which is gigantic improvement). Will do more testing though.
Thanks!
What about dovecot stopping processing new clients when reload is in progress
problem - is it possible to make it behave better? To minimize (or avoid)
"downtime".
How to reproduce - just create config file with 20 000 - 50 000 entries
local_name hostX....example.com {
ssl_cert = </etc/certs/cert.pem
ssl_key = </etc/certs/cert.pem
}
where cert.pem contains some full chain (CA cert + intermediate + cert + key).
Start dovecot and then doveadm reload should take long time. Enough for
noticing that dovecot stops processing clients.
Aki Tuomi
Dovecot oy
That is something that will happen later. Can't give any date, but it's
in our internal tasklist.
Aki