Anybody else seeing this?

Mischa

> On 20 Dec 2019, at 15:54, Mischa <obs...@high5.nl> wrote:
>
> Hi All,
>
> When using the following config for relayd, the keypair is not loaded twice.
> Without 'keypair' and using the default way, <IP-address>.crt and
> <IPv6-address>.crt in /etc/ssl and /etc/ssl/private it's working as expected.
>
> Is this expected behavior?
>
> ###
> table <localhost> { 127.0.0.1 }
> ext_v4 = "46.xx.xx.130"
> ext_v6 = "2a03:xxxx:xxx::130"
> http protocol httpfilter {
>     tcp { nodelay, sack }
>     pass request quick path "/.well-known/acme-challenge/*" forward to <localhost>
> }
> http protocol httpsfilter {
>     tcp { nodelay, sack }
>     tls { keypair test.high5.nl, ciphers "kEECDH:!AESGCM:!aNULL:!SHA1:!MD5:@STRENGTH", no client-renegotiation }
> }
> relay default {
>     listen on $ext_v4 port 80
>     listen on $ext_v6 port 80
>     protocol httpfilter
>     forward to <localhost> port 80
>     forward to <localhost> port 3129
> }
> relay default_tls {
>     listen on $ext_v4 port 443 tls
>     listen on $ext_v6 port 443 tls
>     protocol httpsfilter
>     forward to <localhost> port 443
> }
> ###
>
> test# relayd -d -vvvv
> startup
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> relay_load_certfiles: using certificate /etc/ssl/test.high5.nl.crt
> relay_load_certfiles: using private key /etc/ssl/private/test.high5.nl.key
> /etc/relayd.conf:22: cannot load certificates for relay default_tls4:443
> socket_rlimit: max open files 1024
> pfe: filter init done
> hce exiting, pid 30862
> pfe exiting, pid 39056
> ca exiting, pid 87123
> ca exiting, pid 32013
> ca exiting, pid 78073
> relay exiting, pid 24340
> relay exiting, pid 4410
> relay exiting, pid 14486