Re: Clarification smtpd.conf(5)
On Fri, Dec 17, 2010 at 04:53:35AM +0530, Sunil Nimmagadda wrote:
I am new to OpenBSD and smtpd, please ignore if this is too trivial to inform. Smtpd checks for two files instead of one when no certificate name is specified for listen on. Though one of the examples shows exactly what has to be done, I thought it helps mentioning explicitly.

after some discussion with gilles, we committed the diff below. hope that's all clear now, and thanks for the diff.

jmc

Index: smtpd.conf.5 === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.36 diff -u -r1.36 smtpd.conf.5 --- smtpd.conf.529 Oct 2010 09:16:08 - 1.36 +++ smtpd.conf.518 Dec 2010 22:24:02 - @@ -110,15 +110,28 @@ or SMTPS .Pq Ic smtps , by default on port 465. +Host certificates may be used for these connections, +and are searched for in the +.Pa /etc/mail/certs +directory. +If +.Ic certificate +is specified, +a certificate +.Ao Ar name Ac Ns .crt +and key +.Ao Ar name Ac Ns .key +are searched for. +If no +.Ic certificate +is specified, +the default interface name is instead used, +for example +.Pa fxp0.crt +and +.Pa fxp0.key . Creation of certificates is documented in .Xr starttls 8 . -If no certificate -.Ar name -is specified, the -.Pa /etc/mail/certs -directory is searched for a file named by joining -the interface name with a .crt extension, e.g.\ -.Pa /etc/mail/certs/fxp0.crt . .Pp If the .Ic enable auth
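Review bot: In the added sentence for the case where no certificate is given, "the default interface name is instead used" does not say which interface is meant; the removed text tied the file name to "the interface name", so wording such as "the name of the interface being listened on is used instead" would be more precise. The added text now documents the .key file but does not say what happens when only one file of the pair is found, nor what ownership and mode the key under /etc/mail/certs is expected to have; a sentence here, or an explicit pointer to starttls(8) for it, would help.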
Re: Clarification smtpd.conf(5)
Sorry for the delay, I didn't have a clear mind when I received your mail and didn't understand exactly what you meant :-)

You are right, this behavior is not documented, we'll fix it shortly with a little rephrasing. However, on a related note, I also have plans to change this code a bit so that we can specify filenames rather than certnames from which we infer .crt and .key, this would allow to store keys and certs in separate directories for example.

Anyways, thanks for your diff

Gilles

On Fri, Dec 17, 2010 at 04:53:35AM +0530, Sunil Nimmagadda wrote:
I am new to OpenBSD and smtpd, please ignore if this is too trivial to inform. Smtpd checks for two files instead of one when no certificate name is specified for listen on. Though one of the examples shows exactly what has to be done, I thought it helps mentioning explicitly.

Index: smtpd.conf.5 === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.36 diff -u -r1.36 smtpd.conf.5 --- smtpd.conf.529 Oct 2010 09:16:08 - 1.36 +++ smtpd.conf.516 Dec 2010 22:53:51 - @@ -116,9 +116,9 @@ .Ar name is specified, the .Pa /etc/mail/certs -directory is searched for a file named by joining -the interface name with a .crt extension, e.g.\ -.Pa /etc/mail/certs/fxp0.crt . +directory is searched for files named by joining +the interface name with .crt, .key extensions, e.g.\ +.Pa /etc/mail/certs/fxp0.crt /etc/mail/certs/fxp0.key . .Pp If the .Ic enable auth

--
Gilles Chehade
freelance developer/sysadmin/consultant
http://www.poolp.org
Clarification smtpd.conf(5)
I am new to OpenBSD and smtpd, please ignore if this is too trivial to inform. Smtpd checks for two files instead of one when no certificate name is specified for listen on. Though one of the examples shows exactly what has to be done, I thought it helps mentioning explicitly.

Index: smtpd.conf.5 === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.36 diff -u -r1.36 smtpd.conf.5 --- smtpd.conf.529 Oct 2010 09:16:08 - 1.36 +++ smtpd.conf.516 Dec 2010 22:53:51 - @@ -116,9 +116,9 @@ .Ar name is specified, the .Pa /etc/mail/certs -directory is searched for a file named by joining -the interface name with a .crt extension, e.g.\ -.Pa /etc/mail/certs/fxp0.crt . +directory is searched for files named by joining +the interface name with .crt, .key extensions, e.g.\ +.Pa /etc/mail/certs/fxp0.crt /etc/mail/certs/fxp0.key . .Pp If the .Ic enable auth
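Review bot: The replacement .Pa line puts two paths in one macro with no conjunction (".Pa /etc/mail/certs/fxp0.crt /etc/mail/certs/fxp0.key ."), so they will render run together; give each path its own .Pa line joined by "and". In the line above it, "with .crt, .key extensions" would read better as "with .crt and .key extensions". The hunk only touches the sentence for the case where no name is specified; if a named certificate is also looked up as a .crt and .key pair, that should be stated in the same paragraph.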