On Sun, Feb 16, 2014 at 12:37:08AM +0100, Gilles Chehade wrote: > On Sat, Feb 15, 2014 at 09:26:35PM +0100, Frank Brodbeck wrote: > > Hi, > > > > On Fri, Feb 14, 2014 at 07:24:32PM -0500, Ted Unangst wrote: > > > I would try using a full path. > > > > > > pki example ca "/etc/ssl/myca.pem" > > > > I already tried it with full path. But I got it working now by > > specifying certificate and key, too: > > > > pki example certificate "/etc/ssl/relay.crt" > > pki example key "/etc/ssl/private/relay.key" > > pki example ca "/etc/ssl/ca.crt" > > > > and later on: > > > > accept from any for domain example.tld relay via tls://relay.example.tld > > pki example verify > > > > But I am still wondering if I am doing it right. Because normally it > > should be enough to have the signing certificate and it shouldn't be > > neccessary to provide the peer's cert and key or am I wrong here? > > > > Trying to test my thesis I created two empty files: foo.pem and foo.key > > and used them in my pki statement with some astonishing result: > > > > # smtpd -nf /etc/mail/smtpd.conf > > Segmentation fault (core dumped) > > > > While the test is more or less stupid I wasn't expecting a segfault ;-) > > > > me neither, I'll fix this tomorrow, I'm currently away from home >
I have not forgotten but been unable to reproduce, I'll keep working on it today ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg
