gregc at olypensupport.com
2017-Jan-06 21:03 UTC
Auth-policy: auth_policy_server_url and https support
When using Auth policy server it doesn?t currently doesn?t support https. In version 2.2.27: Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) and in version 2.3.devel Policy server HTTP error: 9002 Requested https connection, but no SSL settings given dovecot.conf does have ?ssl_client_ca_dir = /etc/ssl/certs? set. Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config. Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?
> On January 6, 2017 at 11:03 PM gregc at olypensupport.com wrote: > > > When using Auth policy server it doesn?t currently doesn?t support https. > > In version 2.2.27: > Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) > > and in version 2.3.devel > Policy server HTTP error: 9002 Requested https connection, but no SSL settings given > > dovecot.conf does have ?ssl_client_ca_dir = /etc/ssl/certs? set. > > Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config. > > Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?I suppose so, and it should not do SSL tear up/down per auth, hopefully, since it reuses the same HTTP connections for 10 seconds. Aki
Reasonably Related Threads
- Bug with 2.2.29-1~auto+25 back to haunt me
- Bug with 2.2.29-1~auto+25 back to haunt me
- configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
- configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
- configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed