Univention Bugzilla – Full Text Bug Listing
Summary: | Dovecot should support multiple SSL certificates with SNI | ||
---|---|---|---|
Product: | UCS | Reporter: | Erik Damrose <damrose> |
Component: | Mail - Dovecot | Assignee: | Erik Damrose <damrose> |
Status: | CLOSED FIXED | QA Contact: | Daniel Tröder <troeder> |
Severity: | normal | ||
Priority: | P5 | CC: | damrose, heidelberger, schneider, schwardt, troeder |
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.257 | Enterprise Customer affected?: | |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Erik Damrose
2019-03-22 16:04:52 CET
83259838 Add SNI Support to univention-mail-dovecot
  Additional fqdns and certificates can be configured with UCRvs
  mail/dovecot/ssl/sni/$fqdn/certificate=$path_to_certificate and
  mail/dovecot/ssl/sni/$fqdn/key=$path_to_certificate_key
57f964eb testcase
fcc1de9e changelog
50181ece yaml

OK: code
OK: automated test 40_mail/48_check_ssl_sni fails with univention-mail-dovecot=4.0.0-13 and succeeds with 4.0.0-16
OK: manual test:

# univention-certificate new -name foo.bar -days 2
# ucr set mail/dovecot/ssl/sni/foo.bar/certificate=/etc/univention/ssl/foo.bar/cert.pem mail/dovecot/ssl/sni/foo.bar/key=/etc/univention/ssl/foo.bar/private.key
# grep foo.bar /etc/dovecot/conf.d/10-ssl.conf
local_name foo.bar {
  ssl_cert = < /etc/univention/ssl/foo.bar/cert.pem
  ssl_key = < /etc/univention/ssl/foo.bar/private.key
# service dovecot restart

(my notebook)# echo '10.200.3.53 foo.bar ox53.uni.dtr' >> /etc/hosts

(my notebook)# fetchmail -v --ssl --check --nodetach --protocol IMAP --all --keep --username test2m@uni.dtr ox53.uni.dtr
Trying to connect to 10.200.3.53/993...connected.
fetchmail: Server certificate:
fetchmail: Issuer Organization: Uni Test GmbH
fetchmail: Issuer CommonName: Univention Corporate Server Root CA (ID=kL5WjO6C)
fetchmail: Subject CommonName: ox53.uni.dtr
fetchmail: Subject Alternative Name: ox53.uni.dtr
fetchmail: Subject Alternative Name: ox53
fetchmail: ox53.uni.dtr key fingerprint: 47:A1:55:60:D8:34:22:EF:FD:C5:FE:56:2B:CE:04:33

(my notebook)# fetchmail -v --ssl --check --nodetach --protocol IMAP --all --keep --username test2m@uni.dtr foo.bar
Trying to connect to 10.200.3.53/993...connected.
fetchmail: Server certificate:
fetchmail: Issuer Organization: Uni Test GmbH
fetchmail: Issuer CommonName: Univention Corporate Server Root CA (ID=kL5WjO6C)
fetchmail: Subject CommonName: foo.bar
fetchmail: Subject Alternative Name: foo.bar
fetchmail: Subject Alternative Name: foo
fetchmail: foo.bar key fingerprint: A5:8C:50:7A:9C:B7:27:F0:83:B0:B4:20:C9:4A:5E:0D
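
The variable-to-config mapping described in this report, sketched as an added example (not Univention's template code): it groups the `mail/dovecot/ssl/sni/$fqdn/...` variables per host name, rejects incomplete pairs and values that could inject config syntax, and renders Dovecot `local_name` blocks. Function names, the validation rules and the sample values other than `foo.bar` are assumptions.

```python
import re

# UCR variable scheme named in the report:
#   mail/dovecot/ssl/sni/$fqdn/certificate and mail/dovecot/ssl/sni/$fqdn/key
SNI_VAR = re.compile(r"^mail/dovecot/ssl/sni/(?P<fqdn>[^/]+)/(?P<kind>certificate|key)$")
# Assumed validation: strict host names and absolute paths without config metacharacters.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
FQDN = re.compile(rf"^(?=.{{1,253}}$)(?:{LABEL}\.)*{LABEL}$", re.I)
SAFE_PATH = re.compile(r"^/[^\s{}<>#]+$")

# Constructed sample input: one complete pair, one missing key, one bad name.
SAMPLE_UCR = {
    "mail/dovecot/ssl/sni/foo.bar/certificate": "/etc/univention/ssl/foo.bar/cert.pem",
    "mail/dovecot/ssl/sni/foo.bar/key": "/etc/univention/ssl/foo.bar/private.key",
    "mail/dovecot/ssl/sni/mail.example.test/certificate": "/etc/univention/ssl/mail.example.test/cert.pem",
    "mail/dovecot/ssl/sni/bad name {/key": "/tmp/x.key",
}


def collect_sni(ucr):
    """Return (complete_pairs, problems) for the SNI variables in a UCR dict."""
    found, problems = {}, []
    for name, value in ucr.items():
        m = SNI_VAR.match(name)
        if not m:
            continue  # unrelated variable
        fqdn = m["fqdn"].lower()
        if not FQDN.match(fqdn):
            problems.append(f"{name}: invalid host name")
        elif not SAFE_PATH.match(value):
            problems.append(f"{name}: unsafe path {value!r}")
        else:
            found.setdefault(fqdn, {})[m["kind"]] = value
    pairs = {}
    for fqdn, entry in sorted(found.items()):
        missing = sorted({"certificate", "key"} - entry.keys())
        if missing:
            # A cert without its key (or the reverse) must not reach the config.
            problems.append(f"{fqdn}: missing {', '.join(missing)}")
        else:
            pairs[fqdn] = entry
    return pairs, problems


def render_local_names(pairs):
    """Render one Dovecot local_name block per complete certificate/key pair."""
    return "\n".join(
        f"local_name {fqdn} {{\n  ssl_cert = <{e['certificate']}\n  ssl_key = <{e['key']}\n}}"
        for fqdn, e in pairs.items()
    )
```

Calling `render_local_names(collect_sni(SAMPLE_UCR)[0])` yields only the `foo.bar` block; the other two entries are reported as problems instead of being written to the config.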