Ireneusz Szcześniak skrev den 2013-06-29 22:39:
With my config, Dovecot disallows logging in when the SSL connection
was established by a client without a certificate. In this case the
client gets to talk to Dovecot. The client could exploit potential
Dovecot vulnerabilities.
fair
Instead, I want the SSL connection to be dropped by OpenSSL when the
client doesn't authenticate with a certificate, and so the client
doesn't get to talk with Dovecot. This is safer, because the client
is dropped by the well-tested OpenSSL.
so far only a dream
--
senders that put my email into body content will deliver it to my own
trashcan, so if you like to get reply, dont do it
