Re: Dovecot 2.4.0 local_name wildcard matching regression

Sat, 05 Apr 2025 10:43:32 -0700 

> On 19/03/2025 11:13 EET Julius Kriukas via dovecot <dovecot@dovecot.org> 
> wrote:
> 
>  
> On Thu, 2025-02-27 at 16:09 +0200, Julius Kriukas wrote:
> > Hi,
> > 
> > Using a wildcard host name in the `local_name` filter no longer works
> > in 
> > Dovecot 2.4.0. This is useful for wildcard certificates.
> > 
> > Example `dovecot.conf`:
> > 
> > ```
> > ssl_server_cert_file = /etc/dovecot/global.cert
> > ssl_server_key_file = /etc/dovecot/global.key
> > ssl_server_dh_file = /etc/dovecot/dh.pem
> > ...
> > local_name "*.example.com" {
> >   ssl_server_cert_file = /etc/dovecot/example.com.cert
> >   ssl_server_key_file = /etc/dovecot/example.com.key
> > }
> > local_name "example.com" {
> >   ssl_server_cert_file = /etc/dovecot/example.com.cert
> >   ssl_server_key_file = /etc/dovecot/example.com.key
> > }
> > ```
> > 
> > The configuration is tested with:
> > 
> > ```
> > openssl s_client -connect mail.example.com:993
> > openssl s_client -connect example.com:993
> > ```
> > 
> > The first connection to mail.example.com fails because Dovecot uses
> > the 
> > default `global.cert` file.
> > 
> > The second test with the exact host name match works as expected. 
> > Dovecot uses the `example.com.cert` file.
> > 
> > Similar to the previously reported multiple hosts on the same line 
> > discrepancy, it seems that the `doveconf` tool still has the wildcard
> > matching support:
> > 
> > ```
> > # doveconf -f local_name=mail.example.com ssl_server
> > ssl_server {
> >    cert_file = /etc/dovecot/example.com.cert
> >    dh_file = /etc/dovecot/dh.pem
> >    key_file = /etc/dovecot/example.com.key
> > }
> > ```
> > 
> > Is there a new way to achieve the wildcard matching behaviour of the 
> > local_name filter in Dovecot 2.4.0? Thanks.
> > 
> 
> Hi, everyone. Any clarification on the support for wildcard host names
> would be really appreciated.
> 
> Was support for wildcard hostnames in the 'local_name' section
> intentionally removed in Dovecot 2.4.0?
> 
> -- 
> Julius Kriukas

Hi!

It will be fixed in upcoming 2.4.1 release.

Aki

_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Reply via email to