On 16-07-31 12:58:35, James Pole wrote:
> Hello again,
>
> Given the following httpd.conf(5) configuration on an OpenBSD 5.9-stable
> machine???
>
> server "pole.net.nz" {
> hsts preload
> hsts subdomains
> listen on egress tls port 443
> root "/htdocs/pole.net.nz"
> tls certificate "/etc/letsencrypt/live/cellsites.nz/fullchain.pem"
> tls key "/etc/letsencrypt/live/cellsites.nz/privkey.pem???
> }
>
> ???all works as expected (or in other words, `httpd -n` doesn???t complain).
>
> I will be using the same certificate for several websites since httpd(8) does
> not yet support SNI. So I thought I would create a macro for the path to the
> TLS certificate and key file and refer to it. So I changed my httpd.conf as
> follows???
>
> abc="/etc/letsencrypt/live/cellsites.nz/fullchain.pem"
> def="/etc/letsencrypt/live/cellsites.nz/privkey.pem"
> server "pole.net.nz" {
> hsts preload
> hsts subdomains
> listen on egress tls port 443
> root "/htdocs/pole.net.nz"
> tls certificate $abc
> tls key $def
> }
>
> ???however `httpd -n` fails with the following error ???
>
> $ doas httpd -n
> /etc/httpd.conf:8: syntax error
> no actions, nothing to do
>
> A similar error occurs if I explicitly define the path for the certificate
> (i.e. without using the macro) and use the macro for the key.
>
> Are macros not supported for the 'tls certificate' and 'tls key' options?
>
> Regards,
> James
>
Seems like it should work, but I just tested with the same results.
--
Edgar Pettijohn