Displaying 7 results from an estimated 7 matches for "certchecker".
2017 May 15
5
Golang CertChecker hostname validation differs to OpenSSH
Hi all,
Last week I noticed that the CertChecker in the Go implementation of
x/crypto/ssh seems to be doing host principal validation incorrectly
and filed the following bug:
https://github.com/golang/go/issues/20273
By default they are looking for a principal named "host:port" inside
of the certificate presented by the server, instead...
2017 May 17
2
Golang CertChecker hostname validation differs to OpenSSH
> Uri (earlier in this thread) does answer this question clearly (that
> the principal should be the hostname only), and, now that I've found
> PROTOCOL.certkeys, this seems to be spelt out unambiguously there too:
In turn this means:
One cannot expect several SSH services on a single host to be securely distinguishable
from each other by their particular
2017 May 15
4
Golang CertChecker hostname validation differs to OpenSSH
On Mon, May 15, 2017 at 11:39 AM, Peter Moody <mindrot at hda3.com> wrote:
> my reading of the sshd manpage is that ssh is more permissive than it should be
>
> SSH_KNOWN_HOSTS FILE FORMAT :
> ...
>
> A hostname or address may optionally be enclosed within `[' and `]'
> brackets then followed by `:' and a non-standard port number.
Hi Peter, I'm not
2017 May 16
2
Golang CertChecker hostname validation differs to OpenSSH
On Wed, May 17, 2017 at 2:46 AM, Damien Miller <djm at mindrot.org> wrote:
> On Mon, 15 May 2017, Adam Eijdenberg wrote:
>> https://github.com/golang/go/issues/20273
>>
>> By default they are looking for a principal named "host:port" inside
>> of the certificate presented by the server, instead of just looking
>> for the host as I believe OpenSSH
2018 Aug 06
2
2.3.2.1 - relay to lmtps from other lan host
Hi,
looked into the [ dovecot wiki ] but a search for [ lmtps ] came up
empty and thus hoping to get some assistance here.
I am trying to relay with [ msmtp ] via [ lmtps ] from a lan host other
than [ dovecot ] is running on.
[ dovecot config ]
> service lmtp {
>   unix_listener lmtp {
>     #mode = 0666
>   }
[ ss -wxl | grep lmtp ]
> u_strLISTEN 0      100
2018 Aug 06
2
AW: 2.3.2.1 - relay to lmtps from other lan host
You have lmtp as unix socket configured but want to access from remote via tcp socket? I think you need inet_listener instead of unix_listener
----- Original Message -----
From: "?????" <vtol at gmx.net>
Sent: 06.08.18 - 20:14
To: dovecot <dovecot at dovecot.org>
Subject: 2.3.2.1 - relay to lmtps from other lan host
> Hi,
>
> looked into the [ dovecot wiki
2018 Aug 06
0
AW: 2.3.2.1 - relay to lmtps from other lan host
Right, now I got then
> service lmtp {
>   unix_listener lmtp {
>     #mode = 0666
>   }
>
>   inet_listener lmtp {
>     address = 172.24.109.6
>     port = 24
>   }
> }
and [ msmtp ] is connecting indeed. Does TLS/STARTTLS need to be added
to [ inet_listener lmtp ] in order to facilitate [ lmtps ]? If so what
is the syntax?
Right now this error comes up:
>