Hi All,
When using the following config for relayd, the keypair is only loaded
once rather than twice.
Without 'keypair', using the default file naming (<IP-address>.crt and
<IPv6-address>.crt under /etc/ssl and /etc/ssl/private), it works as
expected.
Is this expected behavior?
###
# Backend table: the only host is the loopback address.
table <localhost> { 127.0.0.1 }
# External listen addresses (partly redacted by the poster).
ext_v4 = "46.xx.xx.130"
ext_v6 = "2a03:xxxx:xxx::130"
# Plain-HTTP protocol: requests for the ACME challenge path are passed
# through, and "quick" stops rule evaluation at this match.
# NOTE(review): the "forward / to <localhost>" split below looks like
# mail-client line wrapping, not how the rule is written in the real file.
http protocol httpfilter {
# nodelay sets TCP_NODELAY; sack enables selective acknowledgements.
tcp { nodelay, sack }
pass request quick path "/.well-known/acme-challenge/*" forward
to <localhost>
}
# HTTPS protocol: TLS settings shared by every listener that uses it.
http protocol httpsfilter {
tcp { nodelay, sack }
# "keypair test.high5.nl" names the certificate/key by hostname, not by
# listen address; the debug output in this post shows relayd resolving it
# to /etc/ssl/test.high5.nl.crt and /etc/ssl/private/test.high5.nl.key.
# The cipher string keeps ephemeral-ECDH key exchange and drops anonymous,
# SHA1 and MD5 suites. "no client-renegotiation" refuses renegotiation
# started by the client.
# NOTE(review): "!AESGCM" also removes the AES-GCM AEAD suites, which
# presumably leaves CBC-mode AES (and ChaCha20-Poly1305 where the TLS
# library offers it) -- confirm this exclusion is intentional.
# NOTE(review): the break after "ciphers" looks like mail-client wrapping.
tls { keypair test.high5.nl, ciphers
"kEECDH:!AESGCM:!aNULL:!SHA1:!MD5:@STRENGTH", no client-renegotiation }
}
# Plain-HTTP relay: one listener per address family on port 80.
relay default {
listen on $ext_v4 port 80
listen on $ext_v6 port 80
protocol httpfilter
# Two forward targets in the same table, on ports 80 and 3129.
forward to <localhost> port 80
forward to <localhost> port 3129
}
# TLS relay: two "listen ... tls" lines (IPv4 and IPv6) share the single
# keypair from httpsfilter; this is the relay named in the
# "cannot load certificates" error in the debug output.
relay default_tls {
listen on $ext_v4 port 443 tls
listen on $ext_v6 port 443 tls
protocol httpsfilter
forward to <localhost> port 443
}
###
test# relayd -d -vvvv
startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using certificate /etc/ssl/test.high5.nl.crt
relay_load_certfiles: using private key
/etc/ssl/private/test.high5.nl.key
/etc/relayd.conf:22: cannot load certificates for relay default_tls4:443
socket_rlimit: max open files 1024
pfe: filter init done
hce exiting, pid 30862
pfe exiting, pid 39056
ca exiting, pid 87123
ca exiting, pid 32013
ca exiting, pid 78073
relay exiting, pid 24340
relay exiting, pid 4410
relay exiting, pid 14486