Koozali.org: home of the SME Server

SSL Client certificate Support

icyseas

« on: April 06, 2006, 07:38:04 PM »
Hi folks,

SME 7 looks very nice, and I want to add my thanks and appreciation for all the dev work going into it.

I am, however, finding a problem. For my application, requiring authenticated SSL client certs is a good thing. (Is anyone else doing this?)

Under SME6.x you could configure POP3S to require client certificates from a list by configuring the stunnel options in /service/pop3s correctly (and providing the certs, of course.)

In SME7 in pop3s, tcpserver+stunnel has been replaced by tcpsvd+sslio, presumably because most folks would prefer the privilege dropping that is now available. However, we do lose the client certificate authentication possibilities - or am I missing something? Or is there a kosher way of handling client certs centrally that I should be aware of?

For example, could we not drop privileges in tcpsvd, and then revert to using stunnel instead of sslio, so that we can support client cert auth as before?

Any advice is welcome.