Re: smtpd accept client certificate only from a specific CA
Cheers, and appreciate the work you do!

Dani

Original message
On 29 Jul 2019, 10:13, Gilles Chehade wrote:

> On Sun, Jul 28, 2019 at 08:37:54PM +, Lévai, Dániel wrote:
>> Hi Gilles,
>>
>> Did you by any chance have time to look at #926? Is there something wrong
>> with my setup or is this a kind of a regression?
>> Thanks for any info on this!
>>
>
> Nope, if I had you would know ;-)
>
> I'm working pretty much alone on smtpd these days and I'm not full-time,
> so unless an issue is security related, it can take a bit of time before
> I tackle it.
>
> Patience.
>
> --
> Gilles Chehade @poolpOrg
>
> https://www.poolp.org patreon: https://www.patreon.com/gilles
Re: smtpd accept client certificate only from a specific CA
On Sun, Jul 28, 2019 at 08:37:54PM +, Lévai, Dániel wrote:
> Hi Gilles,
>
> Did you by any chance have time to look at #926? Is there something wrong
> with my setup or is this a kind of a regression?
> Thanks for any info on this!
>

Nope, if I had you would know ;-)

I'm working pretty much alone on smtpd these days and I'm not full-time,
so unless an issue is security related, it can take a bit of time before
I tackle it.

Patience.

--
Gilles Chehade @poolpOrg

https://www.poolp.org patreon: https://www.patreon.com/gilles
Re: smtpd accept client certificate only from a specific CA
Hi Gilles,

Did you by any chance have time to look at #926? Is there something wrong with my setup or is this a kind of a regression?
Thanks for any info on this!

Dani

‐‐‐ Original Message ‐‐‐
On Friday, 26 July 2019 13:51, Gilles Chehade wrote:

> On Fri, Jul 26, 2019 at 08:19:33AM +, Lévai, Dániel wrote:
>
> > Hi all!
> > Running OpenBSD 6.5-stable, I have this on my relay host:
> > smtpd.conf:
> > ca myCA cert "/path/to/myCA.pem"
> > listen on egress port submission \
> > tls-require verify \
> > ca myCA
> > Now with that I expected that it'll only accept smtp clients that provide a
> > certificate signed by myCA, but it turns out it accepts any certificate
> > that is trusted based on the default /etc/ssl/certs.pem file.
> > Besides (re)moving the stock certs file or any other intrusive/ugly
> > workaround, is there any way I could force a CA for those connections?
>
> Your expectations are also mine.
>
> Please open an issue on our bug tracker, I'll have a look at it shortly
> as I recently did work in that area and it worked as I expected, so I'm
> a bit surprised.
>
> -
>
> Gilles Chehade @poolpOrg
>
> https://www.poolp.org patreon: https://www.patreon.com/gilles
Re: smtpd accept client certificate only from a specific CA
On Fri, Jul 26, 2019 at 08:19:33AM +, Lévai, Dániel wrote:
> Hi all!
>
> Running OpenBSD 6.5-stable, I have this on my relay host:
>
> smtpd.conf:
> ca myCA cert "/path/to/myCA.pem"
>
> listen on egress port submission \
>     tls-require verify \
>     ca myCA
>
> Now with that I expected that it'll only accept smtp clients that provide a
> certificate signed by myCA, but it turns out it accepts any certificate that
> is trusted based on the default /etc/ssl/certs.pem file.
> Besides (re)moving the stock certs file or any other intrusive/ugly
> workaround, is there any way I could force a CA for those connections?
>

Your expectations are also mine.

Please open an issue on our bug tracker, I'll have a look at it shortly
as I recently did work in that area and it worked as I expected, so I'm
a bit surprised.

--
Gilles Chehade @poolpOrg

https://www.poolp.org patreon: https://www.patreon.com/gilles
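
The behaviour both posters expect, that only client certificates chaining to myCA are accepted, can be illustrated offline with the OpenSSL command-line tool. This is an added example, not code from the thread or from OpenSMTPD; the throwaway CAs, the client names and the helper functions are constructed for illustration, and it assumes OpenSSL 1.1.0 or later with its default configuration file.

```shell
#!/bin/sh
# Constructed example: all keys and certificates are throwaway test material.

# make_ca DIR NAME: create a self-signed CA (NAME.pem / NAME.key) valid one day.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_client DIR CA NAME: create client certificate NAME.pem signed by CA.
make_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 1 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.pem" 2>/dev/null
}

# chains_to CAFILE CERT: succeed only if CERT verifies against CAFILE.
# -no-CApath keeps OpenSSL's default certificate directory out of the
# trust set, so the named CA file is not silently widened by system CAs.
chains_to() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# pinning_report: one client signed by myCA, one by an unrelated CA,
# both checked against myCA only.
pinning_report() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" myCA && make_ca "$dir" otherCA &&
        make_client "$dir" myCA client-a &&
        make_client "$dir" otherCA client-b
    for c in client-a client-b; do
        if chains_to "$dir/myCA.pem" "$dir/$c.pem"; then
            echo "$c: accepted"
        else
            echo "$c: rejected"
        fi
    done
    rm -rf "$dir"
}

pinning_report
```

A listener that pins myCA should show the same split during the TLS handshake: the certificate issued by the unrelated CA is refused even though that CA may be trusted elsewhere on the host.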