On Sat, Feb 15, 2014 at 09:26:35PM +0100, Frank Brodbeck wrote: > Hi, > > On Fri, Feb 14, 2014 at 07:24:32PM -0500, Ted Unangst wrote: > > I would try using a full path. > > > > pki example ca "/etc/ssl/myca.pem" > > I already tried it with full path. But I got it working now by > specifying certificate and key, too: > > pki example certificate "/etc/ssl/relay.crt" > pki example key "/etc/ssl/private/relay.key" > pki example ca "/etc/ssl/ca.crt" > > and later on: > > accept from any for domain example.tld relay via tls://relay.example.tld pki > example verify > > But I am still wondering if I am doing it right. Because normally it > should be enough to have the signing certificate and it shouldn't be > neccessary to provide the peer's cert and key or am I wrong here? > > Trying to test my thesis I created two empty files: foo.pem and foo.key > and used them in my pki statement with some astonishing result: > > # smtpd -nf /etc/mail/smtpd.conf > Segmentation fault (core dumped) > > While the test is more or less stupid I wasn't expecting a segfault ;-) >
me neither, I'll fix this tomorrow, I'm currently away from home -- Gilles Chehade https://www.poolp.org @poolpOrg
