On Tue, May 05, 2015 at 05:21:39PM -0700, Seth wrote:
> On Tue, 05 May 2015 13:11:32 -0700, Daniel Pajonzeck <[email protected]>
> wrote:
> >I haven't tested if invalid certificates are rejected, but surprisingly
> >"accept for any relay tls verify" doesn't result in a syntax error.
> >This contradicts the manpage:
> >
> >"relay ... [tls | verify]"
> >and
> >"Note that the tls and verify options are mutually exclusive"
> >
> >Correct me if I am wrong.
> 
> You are correct, this contradicts the man page. I just pulled the example from
> one of my production configs.
> 
> Can't even remember how I decided to set it that way to be honest, probably
> just experimentation.
> 
> Someone who understands C code or one of the devs will have to weigh in to
> explain the observed behavior.
> 

Hi,

This is a documentation error:

When I initially wrote the relay tls verify code, it worked the way that
is described in the man page. Later, the code was rearranged, the verify
code was made the same for the incoming and outgoing path and it occurred
to me that "verify" should be a parameter to "tls" like we do in listen:

   listen [...] tls-require verify

The code was updated and when I checked that there was documentation for
the feature later on, I missed the fact that it had changed.

This is why I no longer document stuff before it has stabilized a bit.

I'll fix the documentation bug today; it'll be part of the next snapshot.

Thanks


-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
