Re: tls with relayd (on 5.7) and key without password

2015-05-30 Thread Antonio Feitosa
Does not work for me.

#/etc/relayd.conf

# Macros: address and port the plain-HTTP relay (httpproxy) listens on
relayd_addr=127.0.0.1
relayd_port=8080

# Number of relay processes to pre-fork (the debug output shows ten
# "relay exiting" and ten "ca exiting" lines, matching this value)
prefork 10

http protocol httpfilter {
# Return HTTP/HTML error pages to the client
return error

# Block disallowed sites
match request label URL filtered!
block request quick url www.example.com/ value *
}

# Protocol used by the TLS relay (sslproxy) below.
# NOTE(review): `tls ca key` / `tls ca cert` name the CA that relayd uses for
# TLS inspection; they are not the listener's own server key pair.
# NOTE(review): the CA key passphrase is stored inline, so anyone who can read
# this file can use that CA key; keep the file readable by root only.
http protocol http_tls {
tls tlsv1
tls ca key /etc/ssl/private/ca.key password secret
tls ca cert /etc/ssl/ca.crt
}

relay httpproxy {
# Listen on localhost, accept diverted connections from pf(4)
listen on $relayd_addr port $relayd_port
protocol httpfilter

# Forward to the original target host
forward to destination
}

relay sslproxy {
# NOTE(review): per relayd.conf(5), a `listen ... tls` relay also needs its own
# server key pair, looked up by listen address: /etc/ssl/private/127.0.0.1:8443.key
# and /etc/ssl/127.0.0.1:8443.crt, falling back to 127.0.0.1.key / 127.0.0.1.crt.
# If those files are missing, that is a likely cause of the
# "cannot load certificates for relay sslproxy" error below (to be confirmed).
listen on 127.0.0.1 port 8443 tls
protocol http_tls

# Speak TLS to the original destination of the diverted connection
transparent forward with tls to destination
}
#EOF

#Error messages

# relayd -d -vv -f /etc/relayd.conf
startup
socket_rlimit: max open files 1024
relay_load_certfiles: using ca certificate /etc/ssl/ca.crt
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca key /etc/ssl/private/ca.key
/etc/relayd.conf:40: cannot load certificates for relay sslproxy
ca exiting, pid 1218
ca exiting, pid 23391
ca exiting, pid 2336
ca exiting, pid 19464
ca exiting, pid 11404
ca exiting, pid 17412
hce exiting, pid 27069
ca exiting, pid 21514
ca exiting, pid 1904
ca exiting, pid 17808
ca exiting, pid 28847
pfe exiting, pid 818
relay exiting, pid 19581
relay exiting, pid 424
relay exiting, pid 29429
relay exiting, pid 13760
relay exiting, pid 4374
relay exiting, pid 3337
relay exiting, pid 11683
relay exiting, pid 5846
relay exiting, pid 22453
relay exiting, pid 2398
#EOF
2015-05-03 18:51 GMT-03:00 Comète com...@daknet.org:
 That works ! Thanks a lot !

 3 mai 2015 20:50 mxb  a écrit:


 Try to create a symlink in /etc/ssl/private:
 ln -s mydomain.org.key 1.2.3.4.key
 where “1.2.3.4” is your address in $ext_addr.

 //mxb



 On 3 maj 2015, at 13:04, Comète  wrote:
 Hi,

 my
 tls key has no password and i already use it for other stuff, so i try to
 enable TLS with relayd like this:

 http protocol http_tls {
tls tlsv1
tls ca key /etc/ssl/private/mydomain.org.key password 
tls ca
 cert /etc/ssl/mydomain.org.crt
 }

 relay transptls {
listen on
 $ext_addr port 443 tls
protocol http_tls
transparent forward
 with tls to 127.0.0.1 port http
 }

 but i get this error:

 startup
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
 /etc/relayd.conf:24: cannot load certificates for relay transptls
 no actions,
 nothing to do
 ca exiting, pid 29173
 pfe exiting, pid 19946
 ca exiting, pid
 3806
 ca exiting, pid 24689
 hce exiting, pid 32289
 relay exiting, pid 22936
 relay exiting, pid 25790

 So, is it possible to use a tls key without password
 with relayd ?

 Thank you

 Morgan







-- 
Antonio Feitosa (http://twitter.com/teebsd)
#Security Consultant, #OpenBSD addicted, #ARM hobbyst and #Blues
#Musician. #P2P is the real #cloudcomputing.
Rio de Janeiro, Brazil ·
Github: https://github.com/TeeBSD
Blog: http://teebsd.github.io/



Re: tls with relayd (on 5.7) and key without password

2015-05-30 Thread Antonio Feitosa
Someone else with that issue?

2015-05-30 17:28 GMT-03:00 Antonio Feitosa antonio@gmail.com:
 Does not work for me.

 #/etc/relayd.conf

 relayd_addr=127.0.0.1
 relayd_port=8080

 prefork 10

 http protocol httpfilter {
 # Return HTTP/HTML error pages to the client
 return error

 # Block disallowed sites
 match request label URL filtered!
 block request quick url www.example.com/ value *
 }

 http protocol http_tls {
 tls tlsv1
 tls ca key /etc/ssl/private/ca.key password secret
 tls ca cert /etc/ssl/ca.crt
 }

 relay httpproxy {
 # Listen on localhost, accept diverted connections from pf(4)
 listen on $relayd_addr port $relayd_port
 protocol httpfilter

 # Forward to the original target host
 forward to destination
 }

 relay sslproxy {
 listen on 127.0.0.1 port 8443 tls
 protocol http_tls

 transparent forward with tls to destination
 }
 #EOF

 #Error messages

 # relayd -d -vv -f /etc/relayd.conf
 startup
 socket_rlimit: max open files 1024
 relay_load_certfiles: using ca certificate /etc/ssl/ca.crt
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 relay_load_certfiles: using ca key /etc/ssl/private/ca.key
 /etc/relayd.conf:40: cannot load certificates for relay sslproxy
 ca exiting, pid 1218
 ca exiting, pid 23391
 ca exiting, pid 2336
 ca exiting, pid 19464
 ca exiting, pid 11404
 ca exiting, pid 17412
 hce exiting, pid 27069
 ca exiting, pid 21514
 ca exiting, pid 1904
 ca exiting, pid 17808
 ca exiting, pid 28847
 pfe exiting, pid 818
 relay exiting, pid 19581
 relay exiting, pid 424
 relay exiting, pid 29429
 relay exiting, pid 13760
 relay exiting, pid 4374
 relay exiting, pid 3337
 relay exiting, pid 11683
 relay exiting, pid 5846
 relay exiting, pid 22453
 relay exiting, pid 2398
 #EOF
 2015-05-03 18:51 GMT-03:00 Comète com...@daknet.org:
 That works ! Thanks a lot !

 3 mai 2015 20:50 mxb  a écrit:


 Try to create a symlink in /etc/ssl/private:
 ln -s mydomain.org.key 1.2.3.4.key
 where “1.2.3.4” is your address in $ext_addr.

 //mxb



 On 3 maj 2015, at 13:04, Comète  wrote:
 Hi,

 my
 tls key has no password and i already use it for other stuff, so i try to
 enable TLS with relayd like this:

 http protocol http_tls {
tls tlsv1
tls ca key /etc/ssl/private/mydomain.org.key password 
tls ca
 cert /etc/ssl/mydomain.org.crt
 }

 relay transptls {
listen on
 $ext_addr port 443 tls
protocol http_tls
transparent forward
 with tls to 127.0.0.1 port http
 }

 but i get this error:

 startup
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
 /etc/relayd.conf:24: cannot load certificates for relay transptls
 no actions,
 nothing to do
 ca exiting, pid 29173
 pfe exiting, pid 19946
 ca exiting, pid
 3806
 ca exiting, pid 24689
 hce exiting, pid 32289
 relay exiting, pid 22936
 relay exiting, pid 25790

 So, is it possible to use a tls key without password
 with relayd ?

 Thank you

 Morgan







 --
 Antonio Feitosa (http://twitter.com/teebsd)
 #Security Consultant, #OpenBSD addicted, #ARM hobbyst and #Blues
 #Musician. #P2P is the real #cloudcomputing.
 Rio de Janeiro, Brazil ·
 Github: https://github.com/TeeBSD
 Blog: http://teebsd.github.io/



-- 
Antonio Feitosa (http://twitter.com/teebsd)
#Security Consultant, #OpenBSD addicted, #ARM hobbyst and #Blues
#Musician. #P2P is the real #cloudcomputing.
Rio de Janeiro, Brazil ·
Github: https://github.com/TeeBSD
Blog: http://teebsd.github.io/



Re: tls with relayd (on 5.7) and key without password

2015-05-03 Thread Comète
That works ! Thanks a lot !

3 mai 2015 20:50 mxb  a écrit:

 
Try to create a symlink in /etc/ssl/private:
ln -s mydomain.org.key 1.2.3.4.key
where “1.2.3.4” is your address in $ext_addr.
 
//mxb
 

 
On 3 maj 2015, at 13:04, Comète  wrote: 
Hi,

my
tls key has no password and i already use it for other stuff, so i try to
enable TLS with relayd like this:

http protocol http_tls {
   tls tlsv1
   tls ca key /etc/ssl/private/mydomain.org.key password 
   tls ca
cert /etc/ssl/mydomain.org.crt
}

relay transptls {
   listen on
$ext_addr port 443 tls
   protocol http_tls
   transparent forward
with tls to 127.0.0.1 port http
}

but i get this error:

startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
/etc/relayd.conf:24: cannot load certificates for relay transptls
no actions,
nothing to do
ca exiting, pid 29173
pfe exiting, pid 19946
ca exiting, pid
3806
ca exiting, pid 24689
hce exiting, pid 32289
relay exiting, pid 22936
relay exiting, pid 25790

So, is it possible to use a tls key without password
with relayd ?

Thank you

Morgan
 

 



tls with relayd (on 5.7) and key without password

2015-05-03 Thread Comète
Hi,

my tls key has no password and i already use it for other stuff, so i try to 
enable TLS with relayd like this:

# NOTE(review): `tls ca key` / `tls ca cert` configure the CA used for TLS
# inspection, not the relay's own server key pair. Per relayd.conf(5), the key
# for a `listen ... tls` relay is looked up by listen address under
# /etc/ssl/private/ (certificate under /etc/ssl/), so an unencrypted server key
# needs no `password` option at all.
http protocol http_tls {
tls tlsv1
tls ca key /etc/ssl/private/mydomain.org.key password  
tls ca cert /etc/ssl/mydomain.org.crt
}

relay transptls {
listen on $ext_addr port 443 tls
protocol http_tls
# NOTE(review): `with tls` makes relayd speak TLS to the backend; a backend on
# port http presumably expects plaintext. Confirm this is intended.
transparent forward with tls to 127.0.0.1 port http
}

but i get this error:

startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
/etc/relayd.conf:24: cannot load certificates for relay transptls
no actions, nothing to do
ca exiting, pid 29173
pfe exiting, pid 19946
ca exiting, pid 3806
ca exiting, pid 24689
hce exiting, pid 32289
relay exiting, pid 22936
relay exiting, pid 25790

So, is it possible to use a tls key without password with relayd ?

Thank you

Morgan



Re: tls with relayd (on 5.7) and key without password

2015-05-03 Thread mxb
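Try to create a symlink in /etc/ssl/private:
ln -s mydomain.org.key 1.2.3.4.key
where “1.2.3.4” is your address in $ext_addr.
[relayd looks up the key for a "listen ... tls" relay by its listen address, i.e. /etc/ssl/private/<address>.key, with the certificate in /etc/ssl/<address>.crt; the "tls ca key" option is for TLS inspection, not for the server key.]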

//mxb

 On 3 maj 2015, at 13:04, Comète com...@daknet.org wrote:

 Hi,

 my tls key has no password and i already use it for other stuff, so i try to
enable TLS with relayd like this:

 http protocol http_tls {
tls tlsv1
tls ca key /etc/ssl/private/mydomain.org.key password 
tls ca cert /etc/ssl/mydomain.org.crt
 }

 relay transptls {
listen on $ext_addr port 443 tls
protocol http_tls
transparent forward with tls to 127.0.0.1 port http
 }

 but i get this error:

 startup
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
 socket_rlimit: max open files 1024
 socket_rlimit: max open files 1024
 relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
 /etc/relayd.conf:24: cannot load certificates for relay transptls
 no actions, nothing to do
 ca exiting, pid 29173
 pfe exiting, pid 19946
 ca exiting, pid 3806
 ca exiting, pid 24689
 hce exiting, pid 32289
 relay exiting, pid 22936
 relay exiting, pid 25790

 So, is it possible to use a tls key without password with relayd ?

 Thank you

 Morgan