On Thu, 2025-02-27 at 16:09 +0200, Julius Kriukas wrote:
> Hi,
> 
> Using a wildcard host name in the `local_name` filter no longer works
> in Dovecot 2.4.0. This is useful for wildcard certificates.
> 
> Example `dovecot.conf`:
> 
> ```
> ssl_server_cert_file = /etc/dovecot/global.cert
> ssl_server_key_file = /etc/dovecot/global.key
> ssl_server_dh_file = /etc/dovecot/dh.pem
> ...
> local_name "*.example.com" {
>   ssl_server_cert_file = /etc/dovecot/example.com.cert
>   ssl_server_key_file = /etc/dovecot/example.com.key
> }
> local_name "example.com" {
>   ssl_server_cert_file = /etc/dovecot/example.com.cert
>   ssl_server_key_file = /etc/dovecot/example.com.key
> }
> ```
> 
> The configuration is tested with:
> 
> ```
> openssl s_client -connect mail.example.com:993
> openssl s_client -connect example.com:993
> ```
> 
> The first connection to mail.example.com fails because Dovecot uses
> the default `global.cert` file.
> 
> The second test with the exact host name match works as expected. 
> Dovecot uses the `example.com.cert` file.
> 
> Similar to the previously reported multiple hosts on the same line 
> discrepancy, it seems that the `doveconf` tool still has the wildcard
> matching support:
> 
> ```
> # doveconf -f local_name=mail.example.com ssl_server
> ssl_server {
>    cert_file = /etc/dovecot/example.com.cert
>    dh_file = /etc/dovecot/dh.pem
>    key_file = /etc/dovecot/example.com.key
> }
> ```
> 
> Is there a new way to achieve the wildcard matching behaviour of the 
> local_name filter in Dovecot 2.4.0? Thanks.
> 

Hi, everyone. Any clarification on the support for wildcard host names
would be really appreciated.

Was support for wildcard hostnames in the 'local_name' section
intentionally removed in Dovecot 2.4.0?

-- 
Julius Kriukas
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
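
A scripted form of the two `openssl s_client` checks from the report, added here as an example and not code from the poster or the Dovecot project: it compares the certificate served for each SNI name with the file the matching `local_name` block should select. The function names and the constructed stand-in certificates are assumptions of the example.

```python
import base64
import hashlib
import socket
import ssl

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def pem_fingerprint(pem_text):
    """SHA-256 (hex) of the first certificate in a PEM file's text."""
    start = pem_text.index(BEGIN)
    stop = pem_text.index(END, start) + len(END)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text[start:stop])).hexdigest()


def served_fingerprint(sni, port=993, timeout=5.0):
    """SHA-256 (hex) of the leaf certificate the server presents for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: the fingerprint comparison
    ctx.verify_mode = ssl.CERT_NONE  # in audit() is the check, not chain validation
    with socket.create_connection((sni, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def audit(expected, fetch=served_fingerprint):
    """expected maps SNI name -> PEM text of the certificate that name should get."""
    return {sni: "ok" if fetch(sni) == pem_fingerprint(pem) else "mismatch"
            for sni, pem in expected.items()}


if __name__ == "__main__":
    # Constructed stand-ins for example.com.cert and global.cert (not real certificates).
    def fake_pem(der):
        return f"{BEGIN}\n{base64.encodebytes(der).decode()}{END}\n"
    site = fake_pem(b"constructed site cert")
    default = fake_pem(b"constructed default cert")
    # Constructed server behaviour mirroring the report: the wildcard name gets the default.
    served = {"example.com": pem_fingerprint(site),
              "mail.example.com": pem_fingerprint(default)}
    print(audit({"example.com": site, "mail.example.com": site}, fetch=served.get))
    # Against a live server, drop fetch= and pass the real certificate file's text.
```

A `mismatch` for `mail.example.com` alongside `ok` for `example.com` is the pattern the report describes, and it can be rechecked the same way after a configuration change or upgrade.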
