On Mon, May 03, 2021 at 06:33:24PM +0200, Heiko Schlittermann wrote:
> For the upcoming 4.94.2 a patch is part of the 4.94.2+fixes branch
> already. It will be cherry-picked to master soon.
Got a pointer to the patch?
> Thank you again for your fast response yesterday.
You're welcome. Yes, there's a non-trivial number of domains where
production of the correct certificate depends on sending the TLSA base
domain as the SNI value. I am not a fan of per-host-domain MX
hostnames, and associated reliance on SNI, but for some mysterious
reason there are operators who prefer this model.
--
Viktor.
