I've made a patch which enables usage of different TLS certificates depending on TCPLOCALHOST or TCPLOCALIP.
The patch could be safely applied independently of the USE flags.
qmail-smtpd will roughly work as follows:
CERTFILE = ""
if $TCPLOCALHOST != ""
if "control/servercert-$TCPLOCALHOST.pem" exists
CERTFILE = "control/servercert-$TCPLOCALHOST.pem"
else if $TCPLOCALIP != ""
if "control/servercert-$TCPLOCALIP.pem" exists
CERTFILE = "control/servercert-$TCPLOCALIP.pem"
if $CERTFILE == ""
CERTFILE = "control/servercert.pem"
Created attachment 60001 [details, diff]
This patch works for me on x86 arch - tested for 2 months.
Can you please provide a patch that applies to qmail-1.03-r16? Preferably after
the famd-dnotify patch. The TLS patch has been heavily updated for r16, so
things are different. r15 will not be updated because it's the stable version
for all architectures. Thanks!
Created attachment 60707 [details, diff]
this patch is ment to be applied to the current mail-mta/qmail-1.03-r16
it enables configuration of the servercert used by qmail-smtpd daemon through
SMTP_SERVERCERT env var.
indeed, TLS patch has been redesigned.
it looks better, btw.
Created attachment 60708 [details, diff]
correct the comment
Added to qmail-1.03-r16. Can you test it, please?
TLS part works as expected.
However, AUTH part refuse to work for some strange reason.
I will analyse later, since I do not have the time to do it right now.