On Tue, Jul 06, 2021 at 02:37:34PM +0100, Ricardo Mestre wrote: > You got the order wrong on my diff :) > > Before, the certs were loaded by root in memory and then set by _spamd, with > my > diff they are still loaded by root but now also set, everything else > still has the same order so it should be: > > tls_config_set_*_file() > fork() > setres*id() > pledge()
Glad you're right: spamd_tls_init() happens way earlier in main(). I misread the diff and thought spamd_tls_init() landed shortly before pledge(). OK kn
