Thanks for the feedback.
I guess now i have to try and remember what this was about ;-)
/Benno
Stefan R. Filipek(srfilipek@gmail.com) on 2024.02.03 09:47:45 -0500:
> Hi all,
>
> Reviving a really old thread, but this problem still exists in 7.4 and
> is impacting my use case as well.
>
> However, I can confirm that this patch does fix the issue. An
> additional "struct keyname *name;" was required in the function, but
> otherwise it works as-is.
>
> Best,
> Stefan
>
>
>
> On Tue, Sep 17, 2019 at 2:03???PM Muhammad Kaisar Arkhan <hi@yukiisbo.red> wrote:
> >
> > Hi,
> >
> > No, not yet. I've been busy with life atm (Uni just started and other stuff). I'm hoping to test it this weekend.
> >
> > Thanks.
> >
> >
> > Le September 17, 2019 ?? 1:51 PM Sebastian Benoit <http://benoit-lists@fb12.de > a ??crit:
> >
> > > Hi,
> > >
> > > did you manage to test the diff?
> > >
> > > /Benno
> > >
> > > Sebastian Benoit(benoit-lists@fb12.de) on 2019.09.01 17:05:34 +0200:
> > >
> > > > > Sebastian Benoit(benoit-lists@fb12.de) on 2019.09.01 16:44:37 +0200:
> > > >
> > > > > > > Muhammad Kaisar Arkhan(hi@yukiisbo.red) on 2019.08.29 14:55:03 +0200:
> > > > >
> > > > > > > > > Hi Tom,
> > > > > >
> > > > > >
> > > > > > > > > > > listen on 2a03:6000:9106::50f7:f07a:d1cc port 443 tls
> > > > > > >
> > > > > > > > > > > I've tried this before, it just results in this:
> > > > > >
> > > > > > /etc/relayd.conf:33: cannot load certificates for relay https2:443
> > > > > >
> > > > > > > > > Your error says "for relay https2", but the relayd.conf file you quote does
> > > > > not have a relay "https2".
> > > > >
> > > > > Please show the output of "relayd -nvv" and *exactly* the /etc/relayd.conf
> > > > > file at the time when you ran the command.
> > > > >
> > > > > > > sorry, my mistake: the https2 there is fine, it comes from the second
> > > > "listen ..." directive.
> > > >
> > > > I think i found the issue: relays with multiple listen statements do not
> > > > work with keypair currently.
> > > >
> > > > Can you test this diff with a config that has a listen on the v4 adress and
> > > > a listen on the v6 adress, not the "egress" method.
> > > >
> > > > If it does not work, please show again your config and "relayd -nvv".
> > > >
> > > > /Benno
> > > >
> > > > diff --git usr.sbin/relayd/parse.y usr.sbin/relayd/parse.y
> > > > index c6e2bcacdfb..8338d5c9e6d 100644
> > > > --- usr.sbin/relayd/parse.y
> > > > +++ usr.sbin/relayd/parse.y
> > > > @@ -3323,11 +3312,19 @@ relay_inherit(struct relay *ra, struct relay *rb)
> > > > goto err;
> > > > }
> > > >
> > > > - if (relay_load_certfiles(conf, rb, NULL) == -1) {
> > > > + if (TAILQ_EMPTY(&rb->rl_proto->tlscerts) &&
> > > > + relay_load_certfiles(conf, rb, NULL) == -1) {
> > > > yyerror("cannot load certificates for relay %s",
> > > > rb->rl_conf.name);
> > > > goto err;
> > > > }
> > > > + TAILQ_FOREACH(name, &rlay->rl_proto->tlscerts, entry) {
> > > > + if (relay_load_certfiles(conf, rb, name->name) == -1) {
> > > > + yyerror("cannot load keypair %s for relay %s",
> > > > + name->name, rb->rl_conf.name);
> > > > + goto err;
> > > > + }
> > > > + }
> > > >
> > > > TAILQ_FOREACH(rta, &ra->rl_tables, rlt_entry) {
> > > > if ((rtb = calloc(1, sizeof(*rtb))) == NULL) {
> > > >
> > > > > --
> > >
>
--
No comments:
Post a Comment