separate TLS private key from [imapd|pop3d].pem #13
Conversation
|
In the OpenSSL version both get_ip_concated_readable_file() and get_servername_concated_readable_file() will leak memory if they return NULL. The added 2nd "#ifdef HAVE_OPENSSL_SNI" results in a hard to read diff, because git's diff thinks that this is the original line, and then shows a bunch of unchanged code by removing and adding it. The resulting change isn't easy to understand. There are a number of ways to make it look better, like adding an extra spaces, "#ifdefHAVE_OPEEN_SNI" or, perhaps, putting #ifndef HAVE_OPESSL_SNI At the beginning of the file and using "#ifdef USE_SNI" instead, something like that. |
mumumu
force-pushed
the
new_feature_TLS_PRIVATE_KEYFILE
branch
from
26e5456
to
141976c
Compare
Thank you for pointing out. Fixed.
OK. I moved newly added function location to make diff more readable. |
|
Looks fine, after another review and a look. A major release is being prepared, shortly. This'll be merged after the next release. Don't know yet if I'll use github to merge this branch, or if I will do it directly. |
If you use github to merge this branch, I'll very glad, because merge result is simple to understand for everyone. |
|
Hi guys, should this be working feature now? I'm trying it on Ubuntu 20.04, there already is the option TLS_PRIVATE_KEYFILE documented in imapd-ssl configuration file, but seems it is ignored and not actually implemented... I've even tried to put some bogus non-existent path here, but it never produces any error anywhere. |
|
I take it back, problem was on my side, I didn't have private key file properly readable. It would be best to produce error or at least warning in such case, not just silently ignore it like you do... |
closes: svarshavchik/courier#10
TLS_PRIVATE_KEYFILEsetting and existingTLS_CERTFILEonly includes cert pem file only.TLS_PRIVATE_KEYFILEis not specified, fallback to default cert file and private key combined file.