Hi,
On Fri, Feb 14, 2014 at 07:24:32PM -0500, Ted Unangst wrote:
> I would try using a full path.
>
> pki example ca "/etc/ssl/myca.pem"
I already tried it with full path. But I got it working now by
specifying certificate and key, too:
pki example certificate "/etc/ssl/relay.crt"
pki example key "/etc/ssl/private/relay.key"
pki example ca "/etc/ssl/ca.crt"
and later on:
accept from any for domain example.tld relay via tls://relay.example.tld pki
example verify
But I am still wondering if I am doing it right. Because normally it
should be enough to have the signing certificate and it shouldn't be
neccessary to provide the peer's cert and key or am I wrong here?
Trying to test my thesis I created two empty files: foo.pem and foo.key
and used them in my pki statement with some astonishing result:
# smtpd -nf /etc/mail/smtpd.conf
Segmentation fault (core dumped)
While the test is more or less stupid I wasn't expecting a segfault ;-)
Kind regards,
Frank.
