From: Alexandre de A. P. <ada...@gm...> - 2017-06-21 15:48:46
|
Thomas, But I'm want to use this with STARTTLS with doTLS on. It's possible ? 2017-06-21 10:26 GMT-03:00 Thomas Eckardt <Tho...@th...>: > You may try the following: > > *Call to Configure SSL-Listener-Parameters for GUI Connections * > *(SSLWEBConfigure)** •* > CorrectASSPcfg::configWebSSL > If used, assp will call the defined subroutine in an eval closure > submitting a reference to the assp predefined SSL-Socket-Configuration-HASH. > The HASH could be modified in place to your needs - please read the > documentation of IO::Socket::SSL, Net::SSLeay and OpenSSL. Return values > are ignored. > You can use/modify the module lib/CorrectASSPcfg.pm to implement your > code. For example > > sub configWebSSL { > $parms = shift; > $parms->{timeout} = 10; > $parms->{'SSL_check_crl'} = 1; > $parms->{'SSL_crl_file'} = '/assp/certs/crl/crllist.pem'; > return; > } > > If the SSL listener should be able to use different certificates on the > same IP address, depending on the name given by SNI, you can use a hash > reference instead of a file with hostname => cert_file. > > In case certs and keys are needed but not given it might fall back. > > sub configWebSSL { > $parms = shift; > $parms->{SSL_cert_file} = { > "foo.example.org" => "/path_to_file/foo-cert.pem", > "bar.example.org" => "/path_to_file/bar-cert.pem", > # used when nothing matches or client does not support SNI > "" => "/path_to_file/server-cert.pem", > } > $parms->{SSL_key_file} = { > "foo.example.org" => "/path_to_file/foo-key.pem", > "bar.example.org" => "/path_to_file/bar-key.pem", > # used when nothing matches or client does not support SNI > "" => "/path_to_file/server-key.pem", > } > } > > Now, if you set this parameter to 'CorrectASSPcfg::configWebSSL' - assp > will call > CorrectASSPcfg::configWebSSL->(\%sslparms); > NOTICE: This option will possibly not work if you use any self signed > certificate! > > > Thomas > > > > > > Von: Alexandre de Arruda Paes <ada...@gm...> > An: For Users of ASSP <ass...@li...> > Datum: 20.06.2017 21:48 > Betreff: [Assp-user] Multiple SSL certs > ------------------------------ > > > > Hi, > > Can I have multiple SSL certs in ASSP? > > i.e.: *mail.domain1.com* <http://mail.domain1.com/>, *mail.domain2.com* > <http://mail.domain2.com/> > > Best regards, > > Alexandre--------------------------------------------------- > --------------------------- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot______ > _________________________________________ > Assp-user mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Assp-user mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-user > > |