You are aware that OpenBSD 7.4 has not been released yet, right? On Mon, Oct 09, 2023 at 06:42:02PM +0200, Noth wrote: > > This wasn't covered in http://www.openbsd.org/plus74.html . I have a setup > where various OpenBSD instances log via TLS to a central logger, using self > signed certificates I generated locally (10 year validity). Both the server > and the clients verify each other using the -c & -s options for syslogd on > the clients and -K for the server. > > I upgraded to 7.4 via CVS on my VMs but not my routers (yet). The 7.3 > routers are still able to connect via TLS but the 7.4 VMs can't as they > don't like the self signed certs. It'd be nice if this was in the > upgrade74.html with some explanation of why this changed.
Actually, if you built from source from a recent -current (HEAD) checkout, what you got was just that: something that is close to what will be 7.4-release, (a matter of weeks if not days), but not actually 7.4-release or -stable. > Is my path to getting all this working again the way it was to use Let's > Encrypt certificates? It's hard to tell the exact cause of your problem since you do not provice crucial data such as any error messages that would appear in a log somewhere. We also do not know much about your configuration or what requirements the setup is supposed to fill. But sure, in quite a number of situations auto-reneweing Let's Encrypt certificates would be a serviceable solution. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.