Re: [feature request] SSL handshake rejection for non-SNI clients

2023-05-16 Thread Aki Tuomi via dovecot
Hi! We are indeed listening. And Dovecot actually can check the name on the certificate, if you ask it to do so.

https://doc.dovecot.org/settings/core/#core_setting-auth_ssl_username_from_cert

Aki

> On 16/05/2023 14:58 EEST Sean Gallagher wrote:
>
>
> It gets worse! If you request a client

Re: [feature request] SSL handshake rejection for non-SNI clients

2023-05-16 Thread Sean Gallagher
It gets worse! If you request a client certificate, Dovecot will not check the name on the certificate, only that it is signed by a known CA. I raised this issue on this list some time ago and got no response. I'm not sure anyone is listening.

On 16/05/2023 7:54 pm, Serg via dovecot wrote:
I w

[feature request] SSL handshake rejection for non-SNI clients

2023-05-16 Thread Serg via dovecot
I would like to offer to implement a feature to reject SSL handshakes for a default certificate-key pair for efficiently discarding bot requests (i.e. such requests that provide an invalid/not configured hostname or do not specify one at all, like when making a request to the IP address directly). Ngin