CVSROOT:        /cvs
Module name:    src
Changes by:     r...@cvs.openbsd.org    2014/04/29 13:13:14

Modified files:
        usr.sbin/smtpd : ca.c config.c lka.c mproc.c mta_session.c pony.c
                         smtp.c smtp_session.c smtpd.c smtpd.h ssl.c ssl.h
                         ssl_privsep.c ssl_smtpd.c

Log message:
Implement RSA privilege separation for OpenSMTPD, based on my previous
implementation for relayd(8).  The smtpd(8) pony processes (mta client,
smtp server) don't keep the private keys in memory but send their private
key operations as imsgs to the "lookup"/mta process.  It's worth
mentioning that this prevents accidental private key leakage as it could
have been caused by "Heartbleed".

ok gilles@