I am still on 2.3; however, I think it's just a dot, not a *.

```
local_name .scom.ca {
  ssl_key =</usr/local/etc/dovecot/scom.pem
  ssl_cert =</usr/local/etc/dovecot/scom.pem
  ssl_ca =</usr/local/etc/dovecot/scom.pem
}
```


Maybe try that.



Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)

Have A Happy Saturday !!!


On 2025-02-27 9:09 a.m., Julius Kriukas via dovecot wrote:

Hi,

Using a wildcard host name in the `local_name` filter no longer works in Dovecot 2.4.0. This is useful for wildcard certificates.

Example `dovecot.conf`:

```
ssl_server_cert_file = /etc/dovecot/global.cert
ssl_server_key_file = /etc/dovecot/global.key
ssl_server_dh_file = /etc/dovecot/dh.pem
...
local_name "*.example.com" {
  ssl_server_cert_file = /etc/dovecot/example.com.cert
  ssl_server_key_file = /etc/dovecot/example.com.key
}
local_name "example.com" {
  ssl_server_cert_file = /etc/dovecot/example.com.cert
  ssl_server_key_file = /etc/dovecot/example.com.key
}
```

The configuration is tested with:

```
openssl s_client -connect mail.example.com:993
openssl s_client -connect example.com:993
```

The first connection to mail.example.com fails because Dovecot uses the default `global.cert` file.

The second test with the exact host name match works as expected. Dovecot uses the `example.com.cert` file.

Similar to the previously reported multiple hosts on the same line discrepancy, it seems that the `doveconf` tool still has the wildcard matching support:

```
# doveconf -f local_name=mail.example.com ssl_server
ssl_server {
   cert_file = /etc/dovecot/example.com.cert
   dh_file = /etc/dovecot/dh.pem
   key_file = /etc/dovecot/example.com.key
}
```

Is there a new way to achieve the wildcard matching behaviour of the local_name filter in Dovecot 2.4.0? Thanks.
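
The manual `openssl s_client` test above can be scripted. The following is an added example, not part of the original thread: it fetches the certificate served for each SNI name and compares its SHA-256 fingerprint with the expected certificate file. The script name `check_sni.sh` and all function names are hypothetical; `-servername` sets the SNI name explicitly.

```shell
#!/bin/sh
# Added example (not from the thread): report which certificate a TLS server
# presents for each SNI name. Function and script names are hypothetical.

# SHA-256 fingerprint of the first PEM certificate found on stdin
# (prints nothing if stdin holds no certificate).
cert_fp() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Fingerprint of the leaf certificate served at host:port for one SNI name.
served_fp() {  # host port sni
    openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null | cert_fp
}

# Print one result line; return 0 = expected cert, 1 = other cert, 2 = none.
verdict() {  # sni expected_fp served_fp
    if [ -z "$3" ]; then
        echo "$1: NO CERTIFICATE RECEIVED"
        return 2
    elif [ "$2" = "$3" ]; then
        echo "$1: OK (expected certificate served)"
        return 0
    else
        echo "$1: MISMATCH served=$3 expected=$2"
        return 1
    fi
}

# Compare the certificate served for an SNI name with a certificate file.
check_sni() {  # host port sni expected_cert_file
    verdict "$3" "$(cert_fp <"$4")" "$(served_fp "$1" "$2" "$3")"
}

# Usage: sh check_sni.sh HOST PORT EXPECTED_CERT_FILE SNI_NAME...
if [ "$#" -ge 4 ]; then
    host=$1 port=$2 cert=$3
    shift 3
    rc=0
    for name in "$@"; do
        check_sni "$host" "$port" "$name" "$cert" || rc=1
    done
    exit "$rc"
fi
```

For the configuration in the question, `sh check_sni.sh mail.example.com 993 /etc/dovecot/example.com.cert mail.example.com example.com` should report OK for both names; a MISMATCH on `mail.example.com` reproduces the reported fallback to the default certificate.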

