Displaying 20 results from an estimated 215 matches for "local_nam".
Did you mean:
local_name
2018 Feb 25
3
Unexpected config results with local_name + multiple SSL certs
Working with SSL on fresh install of latest Ubuntu Artful + Dovecot
seems broken somehow.
Application is Dovecot listening for many SSL sites...
Likely I've missed adding something simple to the config, related
to local_name usage.
Be great if someone can point out what I've missed, to setup
multiple SSL certs for different host.domain entries in config.
Thanks.
_______
This works as expected... where the SNI server name is returned...
#local_name imap.cydec.com {
ssl_cert = </etc/letsencrypt/live/imap....
2016 Nov 11
3
lazy-load SNI?
On 11.11.2016 12:22, Arkadiusz Mi?kiewicz wrote:
> On Friday 11 of November 2016, Felipe Gasper wrote:
>> Hello,
>>
>> We?re rolling out large SNI deployments for our mail servers. Each domain
>> gets an entry like this in the config:
>>
>> local_name mail.foo.com {
>> ssl_cert = </ssl/domain_tls/*.foo.com/combined
>> ssl_key = </ssl/domain_tls/*.foo.com/combined
>> }
> Lack of glob/regexp support here is also a problem (for me). I could have 50%
> smaller config if local_name supported regexp matching, s...
2016 Dec 01
1
Multiple names in local_name for UCC certificates (was lazy-load SNI?)
Thank you, we'll start looking at this.
Aki
On 01.12.2016 09:44, J. Nick Koston wrote:
> Hi Aki & Felipe,
>
> Attached is an implementation of supporting multiple domains in local_name.
>
> Example
>
> local_name "mail.domain.tld domain.tld mx.domain.tld" { ... }
>
> This can significantly reduce memory usage when using
> a UCC certificate with multiple names by only loading
> the certificate and key once.
>
>
>
> And the pull reques...
2004 Jul 11
0
[PATCH] [TRIVIAL] whitespace + variable rename
...===========
RCS file: /cvsroot/rsync/generator.c,v
retrieving revision 1.93
diff -b -c -r1.93 generator.c
*** generator.c 30 Jun 2004 07:27:30 -0000 1.93
--- generator.c 11 Jul 2004 20:24:21 -0000
***************
*** 543,549 ****
}
! void generate_files(int f, struct file_list *flist, char *local_name)
{
int i;
int phase = 0;
--- 545,551 ----
}
! void generate_files(int f_out, struct file_list *flist, char *local_name)
{
int i;
int phase = 0;
***************
*** 584,590 ****
}
recv_generator(local_name ? local_name : f_name_to(file, fbuf),
! file, i,...
2018 Mar 21
1
v2.2.35 released
...> https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz
> > https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig
>
> [...]
>
> > - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
>
> That change broke handling of such entries
>
> local_name *.example.com {
> ssl_cert = </etc/certs/aaa.pem
> ssl_key = </etc/certs/aaa.pem
> }
>
> and for connection with pop3.example.com in TLS SNI default certificate is
> presented instead of domain specific one.
>
> Reverting
>
> commit 446c0b02a7802b676e893c...
2016 Oct 20
4
logging TLS SNI hostname
...icz wrote:
> > ... -servername something
If you want to try out, try applying this patch...
>From 066edb5e5c14a05c90e9ae63f0b76fcfd9c1149e Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: Thu, 20 Oct 2016 16:06:27 +0300
Subject: [PATCH] login-common: Include local_name in login_var_expand_table
This way it can be used in login_log_format
---
src/login-common/client-common.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index d0a9c52..5964ec9 100644
--- a/src/login-common/client-common....
2016 Dec 01
0
Multiple names in local_name for UCC certificates (was lazy-load SNI?)
Hi Aki & Felipe,
Attached is an implementation of supporting multiple domains in local_name.
Example
local_name "mail.domain.tld domain.tld mx.domain.tld" { ... }
This can significantly reduce memory usage when using
a UCC certificate with multiple names by only loading
the certificate and key once.
And the pull request?..
https://github.com/dovecot/core/pull/24 <http...
2016 Oct 20
2
logging TLS SNI hostname
...ostname is information passed directly by client.
>>>
>>> So some fqdn name validation would need to happen in case if client has
>>> malicious intents.
>>>
>>>> Kevin
>> Hi!
>>
>> I wonder if this would be of any help? It provides %{local_name}
>> passdb/userdb variable, you can use it for some logging too...
>>
>> https://github.com/dovecot/core/commit/fe791e96fdf796f7d8997ee0515b163dc5ed
>> dd72
> Should it work for such usage, too?
>
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%...
2016 Nov 17
2
dovecot Digest, Vol 163, Issue 34
Aki,
Multiple local_names would be ideal to accommodate certificates that have multiple names. The way I?m reading the code it looks like its having to pay for the memory for every name on the certificate because a unique CTX is being created for each name even if they are all on a single certificate.
This would be a bi...
2019 Jul 05
1
Dovecot local_name TLS SNI regex
Hello,
does local_name in TLS SNI context support regex?
for example:
local_name example-(foo|bar).com {
ssl_cert = </var/lib/dehydrated/certs/example.com/fullchain.pem
ssl_key = </var/lib/dehydrated/certs/example.com/privkey.pem
}
Best regards
2016 Apr 13
2
Warning: Global setting won't change the setting inside an earlier filter
...l (87404ea): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.devel (215349a)
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.10
[...]
ssl_cert = </etc/letsencrypt/live/v083.violet.fastwebserver.de/fullchain.pem
[...]
ssl_key = </etc/letsencrypt/live/v083.violet.fastwebserver.de/privkey.pem
[...]
local_name imap.langzeittest.de {
ssl_cert =
</etc/letsencrypt/live/fahrerlager.langzeittest.de/fullchain.pem
ssl_key = </etc/letsencrypt/live/fahrerlager.langzeittest.de/privkey.pem
}
local_name mail.langzeittest.de {
ssl_cert =
</etc/letsencrypt/live/fahrerlager.langzeittest.de/fullchain.pem...
2016 Nov 10
4
lazy-load SNI?
Hello,
We?re rolling out large SNI deployments for our mail servers. Each domain gets an entry like this in the config:
local_name mail.foo.com {
ssl_cert = </ssl/domain_tls/*.foo.com/combined
ssl_key = </ssl/domain_tls/*.foo.com/combined
}
There are a couple problems we?re finding with this approach:
1) Dovecot wants to load everything at once, which has some machines taking up many GiB of memory just for Do...
2018 Mar 10
0
Unexpected config results with local_name + multiple SSL certs
On 2018-02-25 (09:31 MST), David Favor <david at davidfavor.com> wrote:
>
> }
> local_name imap.cydec.com {
> ssl_cert = </etc/letsencrypt/live/imap.cydec.com/fullchain.pem
> ssl_key = # hidden, use -P to show it
> }
Doesn't this still require a default t(top level) cert besides the one specified for local_name?
Also, is there any reason to use local_name if your lo...
2016 Nov 11
2
lazy-load SNI?
On 11.11.2016 19:17, Arkadiusz Mi?kiewicz wrote:
> On Friday 11 of November 2016, Aki Tuomi wrote:
>
>> If you are interested in testing, please find patch attached that allows
>> you to specify
>>
>> local_name *.foo.bar {
>> }
>>
>> or
>>
>> local_name *.*.foo.bar {
>> }
>>
>> so basically you can now use certificate name matching rules for
>> local_name. It made most sense.
> Great! Seems to be working fine for my usage and makes my configs 50% s...
2018 Aug 29
3
SNI Dovecot
...his, it works :
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem
I got a warning of course when using my second domain, mydomain2.fr.
If I do the config :
local_name mail.mydomain.fr {
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem
}
local_name mail.mydomain2.fr {
ssl_ca = </etc/letsencrypt/live/mail.mydomain2.fr/ch...
2004 Apr 21
1
rsync-2.6.1pre-1 hang
...1a in hash_search (f=1, s=0x0, buf=0x0, len=577936410078638920) at match.c:170
#8 0x08054003 in hash_search (f=1, s=0x0, buf=0x0, len=0) at match.c:202
#9 0x08054726 in match_sums (f=30, s=0x806d638, buf=0x0, len=128983684031) at match.c:319
#10 0x0804d1e4 in recv_files (f_in=30, flist=0x80712b1, local_name=0x6d <Address 0x6d out of bounds>) at receiver.c:349
#11 0x080593ef in receive_file_entry (fptr=0x0, flags=0, flist=0x0, f=0) at flist.c:593
#12 0x0805a2f5 in send_file_name (f=3, flist=0x0, fname=0x0, recursive=0, base_flags=0) at flist.c:920
#13 0x0805a3bc in send_file_name (f=3, flist=0x4...
2018 Mar 19
3
v2.2.35 released
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig
??? - charset_alias: compile fails with Solaris Studio, reported by
??? ? John Woods.
??? - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
??? - imapc: Don't try to add mails to index if they already exist there.
??? - imapc: If email is modified in
2018 Mar 19
3
v2.2.35 released
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig
??? - charset_alias: compile fails with Solaris Studio, reported by
??? ? John Woods.
??? - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
??? - imapc: Don't try to add mails to index if they already exist there.
??? - imapc: If email is modified in
2016 Dec 03
5
v2.2.27 released
...t;bits>,salt=s>:field}
Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256.
Also "pkcs5" is supported using SHA256. For example: %{sha256:user}
or %{md5;truncate=32:user}.
+ Added support for SHA3-256 and SHA3-512 hashes.
+ config: Support DNS wildcards in local_name, e.g.
local_name *.example.com { .. } matches anything.example.com, but
not multiple.anything.example.com.
+ config: Support multiple names in local_name, e.g.
local_name "1.example.com 2.example.com" { .. }
- Fixed crash in auth process when auth-policy was configured and...
2016 Dec 03
5
v2.2.27 released
...t;bits>,salt=s>:field}
Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256.
Also "pkcs5" is supported using SHA256. For example: %{sha256:user}
or %{md5;truncate=32:user}.
+ Added support for SHA3-256 and SHA3-512 hashes.
+ config: Support DNS wildcards in local_name, e.g.
local_name *.example.com { .. } matches anything.example.com, but
not multiple.anything.example.com.
+ config: Support multiple names in local_name, e.g.
local_name "1.example.com 2.example.com" { .. }
- Fixed crash in auth process when auth-policy was configured and...