[PATCH] client certificates for TLS

Duncan Gibb Duncan.Gibb at SiriusIT.co.uk
Fri Nov 7 12:59:04 EST 2008


Hello

Friday afternoon proposed feature enhancement...

The attached patch extends the functionality of backend.c to support
client certificates when setting up TLS sessions between one Cyrus
machine and another.

The new options tls_client_cert_file and tls_client_key_file can use the
established "<service>_" and/or "<shorthost>_" prefixes just like the
server certificate equivalents and "<shorthost>_password".

Client certificates can be used to augment or, by the magic of SASL's
"EXTERNAL" mechanism, replace passwords for Cyrus-to-Cyrus
authentication in Murder.


Tested (very briefly) on Debian x86_64 for imap proxy authentication and
mupdate authentication (with our mupdate TLS patches -- see
https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3119 ).


Cheers


Duncan

-- 
Duncan Gibb, Technical Director
Sirius Corporation plc - The Open Source Experts
http://www.siriusit.co.uk/
Tel: +44 870 608 0063
-------------- next part --------------
A non-text attachment was scrubbed...
Name: backend_client_certs.patch
Type: text/x-diff
Size: 3739 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20081107/7381755d/attachment.bin 
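
How the options described in the message above might be laid out in a Murder frontend's imapd.conf, shown next to the existing per-host password setting. This is an added example, not part of the original post or the attached patch. Host names, file paths and the password value are constructed placeholders, and the prefixed spellings assume the prefix is prepended to the full option name, as it is for "<shorthost>_password".

```conf
# Constructed example: imapd.conf on a hypothetical frontend "frontend1".
# backend1 / backend2 are placeholder short host names of two backends.

# Existing convention: shared secret per backend, stored in clear text here.
backend1_password: REPLACE-WITH-SECRET

# Options proposed in the patch: default client certificate and key
# presented when this machine opens a TLS session to another Cyrus machine.
tls_client_cert_file: /etc/cyrus/tls/frontend1-client.pem
tls_client_key_file: /etc/cyrus/tls/frontend1-client.key

# "<shorthost>_" prefix (assumed spelling): a different pair for backend2 only.
backend2_tls_client_cert_file: /etc/cyrus/tls/frontend1-to-backend2.pem
backend2_tls_client_key_file: /etc/cyrus/tls/frontend1-to-backend2.key

# "<service>_" prefix (assumed spelling): a pair used only by the service
# named "mupdate" in cyrus.conf.
mupdate_tls_client_cert_file: /etc/cyrus/tls/frontend1-mupdate.pem
mupdate_tls_client_key_file: /etc/cyrus/tls/frontend1-mupdate.key

# The private key files should be readable only by the account that runs
# Cyrus, since whoever can read them can authenticate as this machine.
```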

