Hello everyone.

We are testing out Dovecot 2.4.0 and noticed a regression in how the
`local_name` filter with multiple space-separated host names works.

For example, having the following dovecot.conf:

```
...
ssl_server_cert_file = /etc/dovecot/global.cert
ssl_server_key_file = /etc/dovecot/global.key
ssl_server_dh_file = /etc/dovecot/dh.pem
...
local_name "server.example.com mail.example.com" {
  ssl_server_cert_file = /etc/dovecot/example.com.cert
  ssl_server_key_file = /etc/dovecot/example.com.key
}

local_name "good.example.org" {
  ssl_server_cert_file = /etc/dovecot/example.org.cert
  ssl_server_key_file = /etc/dovecot/example.org.key
}
...
```

Connection to server.example.com:993 (with SNI support) does not work
as expected. The global certificate from the `global.cert` file is
used, and validation fails.

However, connection to good.example.org:993 (with SNI support) works
fine. The `example.org.cert` file is used.

The `doveconf` tool thinks the example configuration should work,
hinting that this is likely to be a bug. Example:

```
# doveconf -f local_name=mail.example.com ssl_server
ssl_server {
  cert_file = /etc/dovecot/example.com.cert
  dh_file = /etc/dovecot/dh.pem
  key_file = /etc/dovecot/example.com.key
}
```

The results show correct file paths, but the `dovecot` server is not
using them.

Any confirmation if this is really a bug, or maybe an intended
configuration syntax change (to force repeating the local_name blocks
for each hostname) would be really appreciated. Thanks.

-- 
Julius
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
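Added example, not part of the original post and not Dovecot's own code: a Python check that expands each `local_name` filter into its individual SNI names and compares the certificate actually served for each name with the configured file, which is the mismatch the post describes between `doveconf` output and server behaviour. The function names are hypothetical, and it assumes top-level `local_name` blocks with the closing brace at the start of a line, implicit TLS on port 993, and certificate files readable by the script.

```python
import hashlib
import re
import socket
import ssl

# Constructed sample: the relevant lines of the configuration quoted in the post.
SAMPLE_CONF = """\
ssl_server_cert_file = /etc/dovecot/global.cert
local_name "server.example.com mail.example.com" {
  ssl_server_cert_file = /etc/dovecot/example.com.cert
}
local_name "good.example.org" {
  ssl_server_cert_file = /etc/dovecot/example.org.cert
}
"""

BLOCK = re.compile(r'^local_name\s+"?([^"{\n]+?)"?\s*\{(.*?)^\}', re.S | re.M)
CERT = re.compile(r"ssl_server_cert_file\s*=\s*(\S+)")

def expected_certs(conf_text):
    """Map each SNI name to its block's cert file, one entry per listed name."""
    expected = {}
    for names, body in BLOCK.findall(conf_text):
        cert = CERT.search(body)
        if cert:
            for name in names.split():
                expected[name] = cert.group(1)
    return expected

def file_fingerprint(pem_path):
    """SHA-256 of the first (leaf) certificate in a PEM file."""
    with open(pem_path) as f:
        pem = f.read()
    end = "-----END CERTIFICATE-----"
    leaf = pem[pem.index("-----BEGIN CERTIFICATE-----"): pem.index(end) + len(end)]
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(leaf)).hexdigest()

def served_fingerprint(sni_name, address, port=993):
    """SHA-256 of the certificate the server presents for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # identifying the certificate, not trusting it
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((address, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def mismatches(conf_text, address, port=993):
    """SNI names for which the served certificate is not the configured one."""
    return [name for name, cert in expected_certs(conf_text).items()
            if served_fingerprint(name, address, port) != file_fingerprint(cert)]
```

Run `mismatches()` on the mail server itself with the real `dovecot.conf` text and the listener address; with the behaviour reported above, the names from the multi-name block would be returned while `good.example.org` would not.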
