Re: Clarification smtpd.conf(5)

From: Sunil Nimmagadda
Date: Thursday, December 16, 2010 - 4:23 pm

I am new to OpenBSD and smtpd, please ignore if this is too trivial to
inform. Smtpd checks for two files instead of one when no certificate
name is specified for "listen on". Though one of the examples shows
exactly what has to be done, I thought it helps mentioning explicitly.

Index: smtpd.conf.5
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.36
diff -u -r1.36 smtpd.conf.5
--- smtpd.conf.5        29 Oct 2010 09:16:08 -0000      1.36
+++ smtpd.conf.5        16 Dec 2010 22:53:51 -0000
@@ -116,9 +116,9 @@
 .Ar name
 is specified, the
 .Pa /etc/mail/certs
-directory is searched for a file named by joining
-the interface name with a .crt extension, e.g.\&
-.Pa /etc/mail/certs/fxp0.crt .
+directory is searched for files named by joining
+the interface name with .crt, .key extensions, e.g.\&
+.Pa /etc/mail/certs/fxp0.crt /etc/mail/certs/fxp0.key .
 .Pp
 If the
 .Ic enable auth
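
Review bot: The added ".Pa /etc/mail/certs/fxp0.crt /etc/mail/certs/fxp0.key ." line passes both paths to a single .Pa call, so they render side by side with nothing joining them. Put each path on its own .Pa line with "and" between them, and reword ".crt, .key extensions" as "the .crt and .key extensions". The sentence also still covers only the case where no certificate name is given; if a named certificate is looked up as a .crt/.key pair too, that belongs in the same paragraph.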

From: Gilles Chehade
Date: Friday, December 17, 2010 - 5:09 am

Sorry for the delay, I didn't have a clear mind when I received your
mail and didn't understand exactly what you meant :-)

You are right this behavior is not documented, we'll fix it shortly
with a little rephrasing. 

However, on a related note, I also have plans to change this code a
bit so that we can specify filenames rather than certnames from which
we infer .crt and .key; this would allow storing keys and certs in
separate directories, for example.

Anyways, thanks for your diff

Gilles



-- 
Gilles Chehade
freelance developer/sysadmin/consultant

		   http://www.poolp.org

From: Jason McIntyre
Date: Saturday, December 18, 2010 - 3:26 pm

after some discussion with gilles, we committed the diff below. hope
that's all clear now, and thanks for the diff.

jmc

Index: smtpd.conf.5
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.36
diff -u -r1.36 smtpd.conf.5
--- smtpd.conf.5	29 Oct 2010 09:16:08 -0000	1.36
+++ smtpd.conf.5	18 Dec 2010 22:24:02 -0000
@@ -110,15 +110,28 @@
 or SMTPS
 .Pq Ic smtps ,
 by default on port 465.
+Host certificates may be used for these connections,
+and are searched for in the
+.Pa /etc/mail/certs
+directory.
+If
+.Ic certificate
+is specified,
+a certificate
+.Ao Ar name Ac Ns .crt
+and key
+.Ao Ar name Ac Ns .key
+are searched for.
+If no
+.Ic certificate
+is specified,
+the default interface name is instead used,
+for example
+.Pa fxp0.crt
+and
+.Pa fxp0.key .
 Creation of certificates is documented in
 .Xr starttls 8 .
-If no certificate
-.Ar name
-is specified, the
-.Pa /etc/mail/certs
-directory is searched for a file named by joining
-the interface name with a .crt extension, e.g.\&
-.Pa /etc/mail/certs/fxp0.crt .
 .Pp
 If the
 .Ic enable auth
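
Review bot: "the default interface name is instead used" in the added text is ambiguous. The removed wording said "the interface name", and "default" can be read as some system-wide default rather than the interface given to "listen on". Something like "the name of the interface is used instead" would be clearer. The new paragraph also does not say what happens when only one of the .crt and .key files is present, which is worth a sentence since both are now documented as required lookups.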
