| author | Sam Varshavchik | 2016-03-04 23:08:26 -0500 |
|---|---|---|
| committer | Sam Varshavchik | 2016-03-04 23:08:49 -0500 |
| commit | 39221e5683cdca9c32ecea46424f6b9c1318b3c4 (patch) | |
| tree | 11b492e8c1596fca3b5f3933339d197ac8433a4e /imap/pop3d-ssl.dist.in.git | |
| parent | fe673c0b81ae204e728e813698a5b94b3fdfa0e5 (diff) | |
| download | courier-libs-39221e5683cdca9c32ecea46424f6b9c1318b3c4.tar.bz2 | |
OpenSSL: add support for the TLS SNI extension.
Diffstat (limited to 'imap/pop3d-ssl.dist.in.git')
| -rw-r--r-- | imap/pop3d-ssl.dist.in.git | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/imap/pop3d-ssl.dist.in.git b/imap/pop3d-ssl.dist.in.git index 89d6e7d..70ee341 100644 --- a/imap/pop3d-ssl.dist.in.git +++ b/imap/pop3d-ssl.dist.in.git @@ -5,7 +5,7 @@ # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000-2013 Double Precision, Inc. See COPYING for +# Copyright 2000-2016 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server 
@@ -186,30 +186,29 @@ COURIERTLS=@bindir@/couriertls # treated as confidential, and must not be world-readable. Set TLS_CERTFILE # instead of TLS_DHCERTFILE if this is a garden-variety certificate # -# VIRTUAL HOSTS (servers only): +# VIRTUAL HOSTS ON THE SAME IP ADDRESS. # -# Due to technical limitations in the original SSL/TLS protocol, a dedicated -# IP address is required for each virtual host certificate. If you have -# multiple certificates, install each certificate file as +# Install each certificate $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.www.example.com, +# /etc/certificate.pem.www.domain.com and so on. Then, create a link from +# $TLS_CERTFILE to whichever certificate you consider to be the main one, +# for example: +# /etc/certificate.pem => /etc/certificate.pem.www.example.com +# +# IP-BASED VIRTUAL HOSTS: +# +# There may be a need to support older SSL/TLS client that don't support +# virtual hosts on the same IP address, and require a dedicated IP address +# for each SSL/TLS host. If so, install each certificate file as # $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address # for the certificate's domain name. So, if TLS_CERTFILE is set to # /etc/certificate.pem, then you'll need to install the actual certificate # files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 # and so on, for each IP address. # -# GnuTLS only (servers only): -# -# GnuTLS implements a new TLS extension that eliminates the need to have a -# dedicated IP address for each SSL/TLS domain name. Install each certificate -# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, -# then you'll need to install the actual certificate files as -# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com -# and so on. 
-# -# Note that this TLS extension also requires a corresponding support in the -# client. Older SSL/TLS clients may not support this feature. -# -# This is an experimental feature. +# In all cases, $TLS_CERTFILE needs to be linked to one of the existing +# certificate files. TLS_CERTFILE=@certsdir@/pop3d.pem |
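Review bot: In the second hunk, the new "VIRTUAL HOSTS ON THE SAME IP ADDRESS" comment never states which certificate is served when a client sends no server name, or a name with no matching $TLS_CERTFILE.domain file. The "main one" link and the closing "In all cases, $TLS_CERTFILE needs to be linked to one of the existing certificate files" imply that $TLS_CERTFILE is the fallback; say so explicitly, since an operator otherwise cannot predict which host's certificate an unmatched client receives. The text also does not say which file takes precedence when both a $TLS_CERTFILE.domain and a $TLS_CERTFILE.aaa.bbb.ccc.ddd file could apply to the same connection. With the "GnuTLS only" paragraph removed, nothing in the file says that the name-based layout now applies to both TLS back ends, which is worth one sentence. Two smaller points: "older SSL/TLS client that don't support" should read "clients", and the example pairs www.example.com with www.domain.com, where a reserved name such as www.example.net would be the safer second example. The context line above the hunk notes that the certificate file must not be world-readable; it would help to repeat that this applies to every per-domain and per-IP file as well as the link target.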
