Timo Sirainen <t...@iki.fi> (Di 13 Okt 2015 23:49:20 CEST): … > > Proxying in general does check that hostname matches the SSL certificate, > because both the hostname and IP address are sent to login process. So it > should work in a way that host=<hostname> and hostip=<ip> is sent. I thought > my patch did that.. Normally auth_debug=yes would be enough to debug this, > but this happens between director and login process so I don't think it's > going to be of much use. login process's client_auth_parse_args() is what > should see these two parameters correctly. > > I can check this further tomorrow.
I've put an i_warning("*** %s: ...", __FUNCTION__, ...) into several places.
Oct 14 00:02:33 director1 dovecot: director: Warning: *** login_host_callback:
OK#0112#011user=foo#011proxy#011ssl=yes#011nopassword=y#011lip=2001:x.y:f33::5:1#011lport=993#011pass=x#011proxy_refresh=450#011host=2001:x.y:f33::5:fe
Here it seems that the director doesn't send it's knowledge about the
hostname.
Here some other output, to show that the host list contains names and addresses:
Oct 14 00:02:32 director1 dovecot: director: Warning: ** mail_host_add: added
backends.<domain> [2001:x.y:f33::5:fe]
Oct 14 00:02:32 director1 dovecot: director: Warning: ** mail_host_add: added
backends.<domain> [2001:x.y:f33::5:ff]
Oct 14 00:02:32 director1 dovecot: director: Warning: ** mail_host_add: added
backends.<domain> [149.x.y.103]
Oct 14 00:02:32 director1 dovecot: director: Warning: ** mail_host_add: added
backends.<domain> [149.x.y.102]
--
Heiko
signature.asc
Description: Digital signature
