On Fri, Jul 26, 2019 at 08:19:33AM +0000, Lévai, Dániel wrote:
> Hi all!
> 
> Running OpenBSD 6.5-stable, I have this on my relay host:
> 
> smtpd.conf:
> ca myCA cert "/path/to/myCA.pem"
> 
> listen on egress port submission \
> tls-require verify \
> ca myCA
> 
> Now with that I expected that it'll only accept smtp clients that provide a 
> certificate signed by myCA, but it turns out it accepts any certificate that 
> is trusted based on the default /etc/ssl/certs.pem file.
> Besides (re)moving the stock certs file or any other intrusive/ugly 
> workaround, is there any way I could force a CA for those connections?
> 

Your expectations are also mine.

Please open an issue on our bug tracker, I'll have a look at it shortly
as I recently did work in that area and it worked as I expected, so I'm
a bit surprised.

-- 
Gilles Chehade                                                 @poolpOrg

https://www.poolp.org            patreon: https://www.patreon.com/gilles
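
The behaviour expected from "ca myCA" in the question above, reproduced offline with the OpenSSL command-line tool as an added example (not part of the thread and not OpenSMTPD code): a client certificate passes only if it chains to the pinned CA. The CAs, certificates and the names otherCA, good-client and other-client are constructed throwaway values.

```shell
#!/bin/sh
# Added example. Constructed throwaway CAs and client certificates; the names
# otherCA, good-client and other-client are made up. Assumes the OpenSSL CLI.

# make_ca DIR NAME: self-signed CA certificate DIR/NAME.pem, key DIR/NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_client DIR CA NAME: client certificate DIR/NAME.pem signed by DIR/CA
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 1 -CA "$1/$2.pem" \
        -CAkey "$1/$2.key" -CAcreateserial -out "$1/$3.pem" 2>/dev/null
}

# chains_to_pinned_ca CAFILE CERT: succeed only if CERT validates against
# CAFILE. SSL_CERT_FILE and SSL_CERT_DIR (OpenSSL's environment overrides for
# its default trust file and directory) are pointed at empty locations so an
# issuer trusted only by the system defaults is not picked up from them.
chains_to_pinned_ca() {
    empty=$(mktemp -d) && : > "$empty/none.pem" &&
    SSL_CERT_FILE="$empty/none.pem" SSL_CERT_DIR="$empty" \
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    rc=$?
    rm -rf "$empty"
    return $rc
}

# demo: prints "NAME: accepted" or "NAME: rejected" for each client certificate
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" myCA && make_ca "$d" otherCA &&
    issue_client "$d" myCA good-client &&
    issue_client "$d" otherCA other-client || { rm -rf "$d"; return 1; }
    for c in good-client other-client; do
        if chains_to_pinned_ca "$d/myCA.pem" "$d/$c.pem"; then
            echo "$c: accepted"
        else
            echo "$c: rejected"
        fi
    done
    rm -rf "$d"
}

demo
```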
