On 16-07-30 21:03:36, Edgar Pettijohn wrote:
> On 16-07-31 12:58:35, James Pole wrote:
> > Hello again,
> >
> > Given the following httpd.conf(5) configuration on an OpenBSD 5.9-stable
> > machine???
> >
> > server "pole.net.nz" {
> > hsts preload
> > hsts subdomains
> > listen on egress tls port 443
> > root "/htdocs/pole.net.nz"
> > tls certificate "/etc/letsencrypt/live/cellsites.nz/fullchain.pem"
> > tls key "/etc/letsencrypt/live/cellsites.nz/privkey.pem???
> > }
> >
> > ???all works as expected (or in other words, `httpd -n` doesn???t complain).
> >
> > I will be using the same certificate for several websites since httpd(8)
> > does
> > not yet support SNI. So I thought I would create a macro for the path to the
> > TLS certificate and key file and refer to it. So I changed my httpd.conf as
> > follows???
> >
> > abc="/etc/letsencrypt/live/cellsites.nz/fullchain.pem"
> > def="/etc/letsencrypt/live/cellsites.nz/privkey.pem"
> > server "pole.net.nz" {
> > hsts preload
> > hsts subdomains
> > listen on egress tls port 443
> > root "/htdocs/pole.net.nz"
> > tls certificate $abc
> > tls key $def
> > }
> >
> > ???however `httpd -n` fails with the following error ???
> >
> > $ doas httpd -n
> > /etc/httpd.conf:8: syntax error
> > no actions, nothing to do
> >
> > A similar error occurs if I explicitly define the path for the certificate
> > (i.e. without using the macro) and use the macro for the key.
> >
> > Are macros not supported for the 'tls certificate' and 'tls key' options?
> >
> > Regards,
> > James
> >
> Seems like it should work, but I just tested with the same results.
> --
> Edgar Pettijohn
>
Turns out you need to double quote.
abc="'/etc/ssl/server.crt'"
def="'/etc/ssl/private/server.key'"
tls certificate $abc
tls key $def
--
Edgar Pettijohn
