Hi,
did you manage to test the diff?
/Benno
Sebastian Benoit(benoit-li...@fb12.de) on 2019.09.01 17:05:34 +0200:
> Sebastian Benoit(benoit-li...@fb12.de) on 2019.09.01 16:44:37 +0200:
> > Muhammad Kaisar Arkhan(h...@yukiisbo.red) on 2019.08.29 14:55:03 +0200:
> > > Hi Tom,
> > >
> > > > listen on 2a03:6000:9106::50f7:f07a:d1cc port 443 tls
> > >
> > > I've tried this before, it just results in this:
> > >
> > > /etc/relayd.conf:33: cannot load certificates for relay https2:443
> >
> > Your error says "for relay https2", but the relayd.conf file you quote does
> > not have a relay "https2".
> >
> > Please show the output of "relayd -nvv" and *exactly* the /etc/relayd.conf
> > file at the time when you ran the command.
>
> sorry, my mistake: the https2 there is fine, it comes from the second
> "listen ..." directive.
>
> I think i found the issue: relays with multiple listen statements do not
> work with keypair currently.
>
> Can you test this diff with a config that has a listen on the v4 adress and
> a listen on the v6 adress, not the "egress" method.
>
> If it does not work, please show again your config and "relayd -nvv".
>
> /Benno
>
> diff --git usr.sbin/relayd/parse.y usr.sbin/relayd/parse.y
> index c6e2bcacdfb..8338d5c9e6d 100644
> --- usr.sbin/relayd/parse.y
> +++ usr.sbin/relayd/parse.y
> @@ -3323,11 +3312,19 @@ relay_inherit(struct relay *ra, struct relay *rb)
> goto err;
> }
>
> - if (relay_load_certfiles(conf, rb, NULL) == -1) {
> + if (TAILQ_EMPTY(&rb->rl_proto->tlscerts) &&
> + relay_load_certfiles(conf, rb, NULL) == -1) {
> yyerror("cannot load certificates for relay %s",
> rb->rl_conf.name);
> goto err;
> }
> + TAILQ_FOREACH(name, &rlay->rl_proto->tlscerts, entry) {
> + if (relay_load_certfiles(conf, rb, name->name) == -1) {
> + yyerror("cannot load keypair %s for relay %s",
> + name->name, rb->rl_conf.name);
> + goto err;
> + }
> + }
>
> TAILQ_FOREACH(rta, &ra->rl_tables, rlt_entry) {
> if ((rtb = calloc(1, sizeof(*rtb))) == NULL) {
>
--
