permit_tls_clientcerts usage in multiple restrictions?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

permit_tls_clientcerts usage in multiple restrictions?

PGNet Dev
i'd like to clarify mumble restrictions' checking in the case of tls clientcerts.

with settings of

 relay_clientcerts=lmdb:/etc/postfix/relay_clientcerts
 smtp_tls_session_cache_database = lmdb:/var/lib/postfix/smtp_cache
 smtp_tls_session_cache_database = lmdb:/var/lib/postfix/smtpd_cache

if i also set mumble restrictions of

 smtpd_client_restrictions=permit_tls_clientcerts,reject
 smtpd_relay_restrictions=permit_tls_clientcerts,reject

is a "permit_tls_clientcerts" check against 'relay_clientcerts' executed twice, or simply once, cached & reused?

if the check result _is_ cached, _is_ it in the tls_session_cache? or is the session cache unrelated here, and the restriction check result is held elsewhere?


Reply | Threaded
Open this post in threaded view
|

Re: permit_tls_clientcerts usage in multiple restrictions?

Wietse Venema
PGNet Dev:
>  smtpd_client_restrictions=permit_tls_clientcerts,reject
>  smtpd_relay_restrictions=permit_tls_clientcerts,reject

permit_tls_clientcerts is evaluated twice.

        Wietse