On 23.12.2011, at 1.10, Mike Abbott wrote:
> How do I configure dovecot-2.0.x to present a client SSL certificate when
> proxying?
Set ssl_client_cert and ssl_client_key settings in dovecot.conf. Requires hg
version, since these were added after v2.0.16.
> If dovecot on server1.example.com has:
> passdb {
> driver = static
> args = proxy=y host=server2.example.com nopassword=y ssl=yes
> }
>
> and dovecot on server2.example.com has:
> ssl_verify_client_cert = yes
> auth_ssl_require_client_cert = yes
>
> then when a client connects to server1 and authenticates, a connection is
> established to server2 but the SSL handshake fails because server1 doesn't
> present a client certificate. I don't see where ssl_client_ctx is tied to a
> client certificate in ssl-proxy-openssl.c.
If you want some kind of automatic client certificate forwarding, I don't think
that's possible even in theory since the private key is needed.
