> On 27 Jan 2016, at 21:55, Axel Luttgens <axel.luttg...@skynet.be> wrote:
>
> Hello Haravikk,
>
> Perhaps could you try to devise an exception based on one (or more) "remote"
> section(s), as in:
>
> remote ip.of.webmail.server {
> ssl_verify_client_cert = no
> [other settings, if needed]
> }
>
> But I guess you would need to combine this with inner protocol blocks, and
> probably to replace the "protocol !smtp" block with less general settings.
>
> HTH,
> Axel
Thanks for the suggestion!
Unfortunately the problem seems to be auth_ssl_require_client_cert; it can only
be added to protocol blocks not to local or remote ones. Turning off
ssl_verify_client_cert doesn’t seem to prevent dovecot from requiring a
certificate if auth_ssl_require_client_cert is enabled (it may even force
ssl_verify_client_cert to on implicitly, I’m not sure).
It’s annoying because at present it seems like my only option would be to limit
client certificates to POP3 and use that in my mail clients, allowing me to
disable client certificates for IMAP to keep it free for Roundcube to use
exclusively, but that’s not really an option.
