I've made a patch which enables usage of different TLS certificates depending on TCPLOCALHOST or TCPLOCALIP. The patch could be safely applied independently of the USE flags. qmail-smtpd will roughly work as follows:

    CERTFILE = ""
    if $TCPLOCALHOST != ""
        if "control/servercert-$TCPLOCALHOST.pem" exists
            CERTFILE = "control/servercert-$TCPLOCALHOST.pem"
    else if $TCPLOCALIP != ""
        if "control/servercert-$TCPLOCALIP.pem" exists
            CERTFILE = "control/servercert-$TCPLOCALIP.pem"
    if $CERTFILE == ""
        CERTFILE = "control/servercert.pem"
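The selection order described above, written out in C as an added example (it is not the attached patch and not qmail's own code). It assumes the caller passes the certificate directory, and it adds one check the pseudocode leaves out: the environment value is restricted to hostname/IP characters before it is placed in a path. The function names `safe_label`, `try_cert` and `select_cert` are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Accept only characters that occur in a hostname or IP literal, so the
   value cannot carry '/' or ".." segments into the file name. */
static int safe_label(const char *s)
{
    size_t i, n = s ? strlen(s) : 0;
    if (n == 0 || n > 255 || s[0] == '.') return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':')) return 0;
        if (c == '.' && s[i + 1] == '.') return 0;
    }
    return 1;
}

/* Build <dir>/servercert-<name>.pem; return 1 only if it is readable. */
static int try_cert(const char *dir, const char *name, char *out, size_t len)
{
    int n;
    if (!safe_label(name)) return 0;
    n = snprintf(out, len, "%s/servercert-%s.pem", dir, name);
    if (n < 0 || (size_t)n >= len) return 0;
    return access(out, R_OK) == 0;
}

/* Order from the post: TCPLOCALHOST, else TCPLOCALIP, else the default. */
const char *select_cert(const char *dir, const char *host, const char *ip,
                        char *out, size_t len)
{
    if (host && *host) {
        if (try_cert(dir, host, out, len)) return out;
    } else if (ip && *ip) {
        if (try_cert(dir, ip, out, len)) return out;
    }
    snprintf(out, len, "%s/servercert.pem", dir);
    return out;
}

int main(void)
{
    char path[512];
    puts(select_cert("control", getenv("TCPLOCALHOST"), getenv("TCPLOCALIP"), path, sizeof path));
    return 0;
}
```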
Created attachment 60001: servercert-by-TCPLOCALHOST-or-TCPLOCALIP.patch
This patch works for me on x86 arch - tested for 2 months.
Can you please provide a patch that applies to qmail-1.03-r16? Preferably after the famd-dnotify patch. The TLS patch has been heavily updated for r16, so things are different. r15 will not be updated because it's the stable version for all architectures. Thanks!
Created attachment 60707: qmail-1.03-env-servercert.patch
This patch is meant to be applied to the current mail-mta/qmail-1.03-r16. It enables configuration of the servercert used by the qmail-smtpd daemon through the SMTP_SERVERCERT env var.
Indeed, the TLS patch has been redesigned. It looks better, btw.
Created attachment 60708: qmail-1.03-env-servercert.patch
Correct the comment.
Added to qmail-1.03-r16. Can you test it, please?
The TLS part works as expected. However, the AUTH part refuses to work for some strange reason. I will analyse later, since I do not have the time to do it right now.