On Mon, Apr 20, 2015 at 05:45:44PM +0000, G B wrote:
> While reading through past messages I ran across the mail contained below
> which asks about SNI which has support in OpenSMTPD from what I've read, but
> there wasn't a reply to the question. It is something I'm interested to
> know if it can be done and if so, how? Thanks.
>
> The original email:
>
> Hi,
>
> according to the release notes of 5.4.2 SNI should be supported however
> the question is how since there is no mention of it in man smtpd.conf.
>
> I tried using multiple pki settings without specifying pki in the listen
> option but all I get when testing is the following errors:
>
> Oct 29 11:12:07 de01 smtpd[65176]: smtp-in: Disconnecting session 6af90a54317f3abd: CA failure
>
> When I explicitly specify "pki mail.domain1.tld" in the listen option it
> works for that specific domain.
>
> Any ideas?
>

If your operating system comes with an SSL library that has the SNI TLS
extension, then it should just work out of the box as long as a listener
has TLS enabled and you have the pki declared.

There is no button (as of yet) to toggle it on or off.

There is, however, a problem with our handling of CA that may lead to the CA
failure you experience above. I'm working on a fix that will be available
in the next snapshot + major release.

-- 
Gilles Chehade

https://www.poolp.org @poolpOrg
