Penned by Sebastian Benoit on 20120321 15:27.54, we have: | Hi, | | i did not find a place where it is documented explicitly how to use a | certificate chain with relayd. | | Should this be documented? Or maybe in ssl(8)? | | /Benno | | Index: relayd.conf.5 | =================================================================== | RCS file: /cvs/src/usr.sbin/relayd/relayd.conf.5,v | retrieving revision 1.125 | diff -u -p -u -r1.125 relayd.conf.5 | --- relayd.conf.5 20 Jan 2012 12:16:41 -0000 1.125 | +++ relayd.conf.5 21 Mar 2012 15:17:47 -0000 | @@ -639,6 +639,7 @@ and a public certificate in | where | .Ar address | is the specified IP address of the relay to listen on. | +A certificate chain can be appended to the server certificate. | See | .Xr ssl 8 | for details about SSL server certificates.
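Review bot: the added line "A certificate chain can be appended to the server certificate." does not say which file the chain goes into or in what format, which is the detail the submitter could not find documented. Suggest tying it to the certificate file named in the sentence just above it, for example "Intermediate CA certificates can be appended to this file, after the server certificate." Since the following lines send the reader to ssl(8) for details, it is also worth confirming that ssl(8) covers certificate chains; if it does not, the new sentence is the only documentation and should carry the full instruction.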
This makes sense to me.

It would be nice if one could explicitly state a chain file. It's a bit clunky to append the certificate chain to the server certificate each year.

Separately, I'd also love to be able to specify the certificate by name per relay, as sometimes a given relayd instance might receive redirected traffic for multiple external addresses. Sure, with RFC1918 one can assign multiple addresses to the relayd system, but this would also be useful.

Yes, I have this on my todo list, but if anybody beats me to coding either of the above, I will be glad to test ;-)

Thanks,
--
Todd Fries
