Displaying 20 results from an estimated 4000 matches similar to: "OCSP Stapling and Certificate Transparency"
2018 Oct 31
1
OCSP Stapling and Certificate Transparency
On 05/01/2018 09:08 AM, Aki Tuomi wrote:
>
>> On 01 May 2018 at 19:03 Felipe Gasper < felipe at felipegasper.com
>> <mailto:felipe at felipegasper.com>> wrote:
>>
>>
>> Hi,
>>
>> For CAs that do not include a signed certificate timestamp in their
>> newly-issued certificates, does Dovecot support either OCSP stapling
>> or the
2018 May 01
0
OCSP Stapling and Certificate Transparency
> On 01 May 2018 at 19:03 Felipe Gasper <felipe@felipegasper.com> wrote:
2016 Mar 03
4
Implementation of TLS OCSP Stapling
Hi all,
About a year ago, Torsten already asked for OCSP stapling
(http://dovecot.org/pipermail/dovecot/2015-April/100632.html).
Unfortunately, there was no answer to his question.
Now RFC 7633 ("TLS Feature Extension",
https://tools.ietf.org/html/rfc7633, a.k.a. "Must Staple") has landed,
revocation is getting serious! I personally would like to embed all my
TLS
2016 Mar 03
3
Implementation of TLS OCSP Stapling
On 03-03-16 13:04, A. Schulze wrote:
>
> dovecot:
>
>> So I would like to know if Dovecot is planning to feature OCSP stapling.
>> That way I know for sure my "must staple" certificates can be used by
>> Dovecot. And in my opinion, every TLS offering daemon should be up to
>> par to the capabilities of TLS.. Not lag behind :)
>>
>> What's
2016 Mar 03
2
Implementation of TLS OCSP Stapling
On 03-03-16 14:09, Gedalya wrote:
> On 03/03/2016 07:30 AM, Stephan Bosch wrote:
>> BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base.
> Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't
2016 Mar 03
2
Implementation of TLS OCSP Stapling
Op 3-3-2016 om 13:04 schreef A. Schulze:
>
> dovecot:
>
>> So I would like to know if Dovecot is planning to feature OCSP stapling.
>> That way I know for sure my "must staple" certificates can be used by
>> Dovecot. And in my opinion, every TLS offering daemon should be up to
>> par to the capabilities of TLS.. Not lag behind :)
>>
>>
2019 Jan 15
2
doveadm neglecting to exit in failure?
-----
cpssltest at cpanelssltest.org [/usr/local/cpanel]# doveadm -v expunge -u cpssltest -- mailbox-guid b8a359119e771b58484a0000a841250d savedbefore 365days; echo $?
doveadm(cpssltest): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
0
-----
^^ In the above, shouldn't the "doveadm" command have exited nonzero to indicate a failure to connect?
Thanks!
-Felipe
2005 Sep 14
13
table sorting/manipulation library?
I have a library I've developed that I believe is the most flexible and
useful table sorting/striping/row-selecting library around.
Big features:
Single and multiple-level sort
Arbitrary sort criteria (IP address, date, etc.)
Works with table headers that are > 1 row or column large
Stripe tables and/or enable row selecting
Row selecting supports drag-select and SHIFT-click
No extra
2020 May 26
2
doveadm: extra lines?
Hello,
I'm sending doveadm "kick" commands to doveadm-server via the doveadm protocol. When "kick" sends back a NOTFOUND error, though, it's sending back additional output. strace shows:
write(3<UNIX:[3158354->3156665]>, "\t\tkick\tmyssltest\n", 17) = 17
...
read(3<UNIX:[3158354->3156665]>, "\n-NOTFOUND\n\n-\n", 8192) = 14
Going by the protocol
2015 Apr 26
0
TLS OCSP Stapling
Hi,
is there a plan to support TLS OCSP stapling in the near future?
Regards Torsten
2016 Jun 17
2
https and self signed
On 17.06.2016 16:27, ????????? ???????? wrote:
> Walter H. ????? 2016-06-16 22:54:
>> On 16.06.2016 21:42, ????????? ???????? wrote:
>>>
>>> I don't think OCSP is critical for free certificates suitable for
>>> small businesses and personal sites.
>>>
>> this is philosophy;
>>
>> I'd say when you do it then do it good, else
2020 May 24
2
missing man page for “doveadm dsync-server”?
Hello,
Is there a man page for this command? I don't see one in the repository. Given its utility in, e.g., syncing mailboxes via SSH, it seems like documentation for this command would be useful?
Thank you!
-Felipe Gasper
2016 Jun 17
2
https and self signed
On 17.06.2016 19:57, ????????? ???????? wrote:
>>> Then OCSP stapling is the way to go but it could be a real PITA to
>>> setup for the first time and may not be supported by older browsers
>>> anyway.
>>>
>> not really, because the same server tells the client that the SSL
>> certificate is good, as the SSL certificate itself;
>> these must
2016 Nov 10
4
lazy-load SNI?
Hello,
We're rolling out large SNI deployments for our mail servers. Each domain gets an entry like this in the config:
local_name mail.foo.com {
ssl_cert = </ssl/domain_tls/*.foo.com/combined
ssl_key = </ssl/domain_tls/*.foo.com/combined
}
There are a couple problems we're finding with this approach:
1) Dovecot wants to load everything at once, which has some machines taking
2019 Mar 12
6
“doveadm mailbox” command fails with UTF-8 mailboxes
Hello,
I've got a strange misconfiguration where the following command:
doveadm -f pager mailbox status -u spamutf8 'messages vsize guid' INBOX 'INBOX.*'
... fails with error code 68, saying that it can't find one of the mailboxes. (It lists the user's other mailboxes.) The name of the mailbox in question is saved to disk in UTF-8 rather than mUTF-7, but strace shows that doveadm
2020 May 20
1
Re: dsync “destination” argument
> On May 20, 2020, at 10:46 AM, Sami Ketola <sami.ketola at dovecot.fi> wrote:
>
>> On 16. May 2020, at 3.46, Felipe Gasper <felipe at felipegasper.com> wrote:
>>
>> Hello,
>>
>> Some code that I didn't write but am maintaining passes a local script's path as dsync's "destination" argument, like so:
>>
>> dsync -D -u john -v backup
2020 May 16
2
dsync “destination” argument
Hello,
Some code that I didn't write but am maintaining passes a local script's path as dsync's "destination" argument, like so:
dsync -D -u john -v backup -R -1 "/code/dsync_client.pl" 127.0.0.1 john at mydomain.org
dsync_client.pl establishes a TCP connection with a remote dsync process then acts as a proxy between the two dsync processes. "127.0.0.1" and "john at mydomain.org"
2016 Jun 21
2
Pluggable SNI?
Hello,
How feasible would it be to have a "pluggable" Dovecot setup that would permit arbitrary logic for fetching TLS/SNI certificates and key, rather than having to hard-code each domain's resources in a configuration file?
A couple scenarios that I envision such a framework being able to accommodate:
1) An internal TLS service that accepts queries via a UNIX socket by domain name and
2019 Mar 12
1
Re: “doveadm mailbox” command fails with UTF-8 mailboxes
> On Mar 12, 2019, at 3:28 PM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>
>
>> On 12 March 2019 21:20 Felipe Gasper via dovecot <dovecot at dovecot.org> wrote:
>>
>>
>> Hello,
>>
>> I've got a strange misconfiguration where the following command:
>>
>> doveadm -f pager mailbox status -u spamutf8 'messages vsize
2020 Sep 28
1
custom userdb server, Exim, and proxying
Hi all,
We have Exim using Dovecot for authentication. Dovecot, in turn, consults a custom internal server that answers Dovecot's userdb queries.
When IMAP connections arrive, for some users we want to forward those connections--without authentication--to an external IMAP server. For these users, we return "proxy_maybe" and "nopassword" in the authn response from our userdb server. This tells