Aki, Multiple local_names would be ideal to accommodate certificates that have multiple names. The way I?m reading the code it looks like its having to pay for the memory for every name on the certificate because a unique CTX is being created for each name even if they are all on a single certificate. This would be a big memory win for anyone using a certificate with multiple names on it. Thanks -Nick cPanel Inc>> > > Dear Aki et al., > > How straightforward would it be to implement the following or similar syntax: > > local_name foo.tld www.foo.tld mail.foo.tld bar.tld { > ... > } > > ?? > > Thank you! > > -FG > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > dovecot mailing list > dovecot at dovecot.org > http://dovecot.org/cgi-bin/mailman/listinfo/dovecot > > ------------------------------ > > End of dovecot Digest, Vol 163, Issue 34 > ****************************************-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3569 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20161117/dfe92ec1/attachment.p7s>
J. Nick Koston
2016-Dec-01 07:44 UTC
Multiple names in local_name for UCC certificates (was lazy-load SNI?)
Hi Aki & Felipe,
Attached is an implementation of supporting multiple domains in local_name.
Example
local_name "mail.domain.tld domain.tld mx.domain.tld" { ... }
This can significantly reduce memory usage when using
a UCC certificate with multiple names by only loading
the certificate and key once.
And the pull request?..
https://github.com/dovecot/core/pull/24
<https://github.com/dovecot/core/pull/24>
Thanks
-Nick
> On Nov 17, 2016, at 5:27 AM, J. Nick Koston <nick at cpanel.net>
wrote:
>
> Aki,
>
> Multiple local_names would be ideal to accommodate certificates that have
multiple names. The way I?m reading the code it looks like its having to pay
for the memory for every name on the certificate because a unique CTX is being
created for each name even if they are all on a single certificate.
>
> This would be a big memory win for anyone using a certificate with multiple
names on it.
>
> Thanks
> -Nick
> cPanel Inc
>
>
>>>
>>
>> Dear Aki et al.,
>>
>> How straightforward would it be to implement the following or similar
syntax:
>>
>> local_name foo.tld www.foo.tld mail.foo.tld bar.tld {
>> ...
>> }
>>
>> ??
>>
>> Thank you!
>>
>> -FG
>>
>> ------------------------------
>>
>> Subject: Digest Footer
>>
>> _______________________________________________
>> dovecot mailing list
>> dovecot at dovecot.org
>> http://dovecot.org/cgi-bin/mailman/listinfo/dovecot
>>
>> ------------------------------
>>
>> End of dovecot Digest, Vol 163, Issue 34
>> ****************************************
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-config-Match-multiple-names-in-local_name.patch
Type: application/octet-stream
Size: 1579 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20161130/a286fc29/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20161130/a286fc29/attachment-0001.p7s>
Aki Tuomi
2016-Dec-01 07:45 UTC
Multiple names in local_name for UCC certificates (was lazy-load SNI?)
Thank you, we'll start looking at this. Aki On 01.12.2016 09:44, J. Nick Koston wrote:> Hi Aki & Felipe, > > Attached is an implementation of supporting multiple domains in local_name. > > Example > > local_name "mail.domain.tld domain.tld mx.domain.tld" { ... } > > This can significantly reduce memory usage when using > a UCC certificate with multiple names by only loading > the certificate and key once. > > > > And the pull request?.. > > https://github.com/dovecot/core/pull/24 <https://github.com/dovecot/core/pull/24> > > Thanks > -Nick > > >> On Nov 17, 2016, at 5:27 AM, J. Nick Koston <nick at cpanel.net> wrote: >> >> Aki, >> >> Multiple local_names would be ideal to accommodate certificates that have multiple names. The way I?m reading the code it looks like its having to pay for the memory for every name on the certificate because a unique CTX is being created for each name even if they are all on a single certificate. >> >> This would be a big memory win for anyone using a certificate with multiple names on it. >> >> Thanks >> -Nick >> cPanel Inc >> >> >>> Dear Aki et al., >>> >>> How straightforward would it be to implement the following or similar syntax: >>> >>> local_name foo.tld www.foo.tld mail.foo.tld bar.tld { >>> ... >>> } >>> >>> ?? >>> >>> Thank you! >>> >>> -FG >>> >>> ------------------------------ >>> >>> Subject: Digest Footer >>> >>> _______________________________________________ >>> dovecot mailing list >>> dovecot at dovecot.org >>> http://dovecot.org/cgi-bin/mailman/listinfo/dovecot >>> >>> ------------------------------ >>> >>> End of dovecot Digest, Vol 163, Issue 34 >>> **************************************** >