-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathTLS_TODO
25 lines (18 loc) · 1.04 KB
/
TLS_TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
This list does not really follow priority.
* Implement support of CRL checking. OpenSSL 0.9.7 finally supports CRLs,
so Postfix/TLS should support loading CRLs.
* Cleanup the "pfixtls" special logging, so that it fits Wietses original
"per site" decision to make debugging easier.
* Move TLS based information from separate lines into Postfix's smtpd
logging lines to make logfile analysis easier.
* Check the "info_callback" for sensitive use. I already had to remove the
"warning alert" issued on normal shutdown. Why is a warning issued for
a normal shutdown??
* Introduce new tls_per_client table to achieve the same selective behaviour
for incoming connections.
* Introduce better support for "opportunistic" encryption: collect information
about peers connecting; log warnings when the key changed etc.
[I am not sure that I already have the best answers available.]
* Find a way to use the certificates themselves instead of the fingerprints
to allow certificate based relaying. The maintenance of the fingerprints
is a nightmare.