On 21.03.2018 11:23, Arkadiusz Miśkiewicz wrote: > On Wednesday 21 of March 2018, Arkadiusz Miśkiewicz wrote: >> On Monday 19 of March 2018, Aki Tuomi wrote: >>> https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz >>> https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig >> [...] >> >>> - Fix local name handling in v2.2.34 SNI code, bug found by cPanel. >> That change broke handling of such entries >> >> local_name *.example.com { >> ssl_cert = </etc/certs/aaa.pem >> ssl_key = </etc/certs/aaa.pem >> } >> >> and for connection with pop3.example.com in TLS SNI default certificate is >> presented instead of domain specific one. >> >> Reverting >> >> commit 446c0b02a7802b676e893ccc4934fc7318d950ea >> Author: Aki Tuomi <aki.tu...@dovecot.fi> >> Date: Tue Mar 6 15:15:01 2018 +0200 >> >> lib-master: Correctly match when local_name has multiple names >> >> Reported by J. Nick Koston <n...@cpanel.net> >> >> >> fixes the problem. > And proper fix: > > --- dovecot-2.2.35/src/lib-master/master-service-settings-cache.c > 2018-03-21 10:15:09.097480691 +0100 > +++ dovecot-2.2.35/src/lib-master/master-service-settings-cache.c~ > 2018-03-19 10:30:01.000000000 +0100 > @@ -131,7 +131,7 @@ match_local_name(const char *local_name, > return TRUE; > local_name = ptr+1; > } > - return dns_match_wildcard(filter_local_name, local_name) == 0; > + return dns_match_wildcard(local_name, filter_local_name) == 0; > } > > /* Remove any elements which there is no filter for */ > >
Thanks for catching this, seems we are missing this in our tests. Aki
