On Wed, Feb 04, 2026 at 03:51:11PM +1000, Paul W. Rankin wrote:
> > On 04/02/2026 1:58 PM AEST mischief () offblast ! org wrote:
> > this was brought up by rnkn on IRC,
>
> I'm just looping myself in here. Thanks.
>
one approach is to return negative cko_tlen back to rsae_send_imsg. this
might result in some broken tls connections, but it's better than taking
down all of relayd.
a better fix would probably be to temporarily stop processing rsa ops
altogether while reload is happening, but i'm not sure of a good
approach for that.
Index: ca.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/ca.c,v
diff -u -p -r1.45 ca.c
--- ca.c 21 Nov 2024 13:21:34 -0000 1.45
+++ ca.c 4 Feb 2026 06:03:33 -0000
@@ -234,9 +234,15 @@ ca_dispatch_relay(int fd, struct privsep
fatalx("%s: invalid relay proc", __func__);
if (IMSG_DATA_SIZE(imsg) != (sizeof(cko) + cko.cko_flen))
fatalx("%s: invalid key operation", __func__);
- if ((pkey = pkey_find(env, cko.cko_hash)) == NULL)
- fatalx("%s: invalid relay hash '%s'",
+ if ((pkey = pkey_find(env, cko.cko_hash)) == NULL) {
+ log_warnx("%s: invalid relay hash '%s'",
__func__, cko.cko_hash);
+ cko.cko_tlen = -1;
+ if (proc_compose_imsg(env->sc_ps, PROC_RELAY,
cko.cko_proc,
+ imsg->hdr.type, -1, -1, &cko, sizeof(cko)) == -1)
+ log_warn("%s: proc_composev_imsg", __func__);
+ break;
+ }
if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
fatalx("%s: invalid relay key", __func__);
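Review bot: the log_warn string in the new pkey_find() failure branch names proc_composev_imsg, but the call directly above it is proc_compose_imsg, so the message should be changed to match the function that actually failed. The reply is sent with cko.cko_tlen = -1 and a payload of only sizeof(cko), so the relay-side receiver has to test for a negative cko_tlen before it checks the message size against cko_tlen or copies any trailing data; that handling is not visible in this hunk and should be part of the same change. It would also help to add a short comment on the new branch saying that an unknown hash is expected while a reload is in progress, since the neighbouring checks (invalid key operation, invalid relay key) still use fatalx and a reader will otherwise wonder why this one alone is non-fatal.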