Hi all!

Running OpenBSD 6.5-stable, I have this on my relay host:

ca myCA cert "/path/to/myCA.pem"

listen on egress port submission \
tls-require verify \
ca myCA

Now with that I expected that it'll only accept SMTP clients that provide a 
certificate signed by myCA, but it turns out it accepts any certificate that is 
trusted based on the default /etc/ssl/certs.pem file.
Besides (re)moving the stock certs file or any other intrusive/ugly workaround, 
is there any way I could force a CA for those connections?

Thanks for any hints,

Lévai, Dániel

