I have: OpenBSD-current amd64, March 16th, 2016.
I am not the only one who can reproduce the bug.
Trondd can also reproduce the bug, which was confirmed on the misc mailing list.
If "tls ca file" is specified, relayd starts, but the relay itself is never
started.
On misc trondd wrote:
>Started digging into the code. Definitely a bug somewhere. When "ca
>file" is defined, the relay is never added to the rlay TAILQ and so never
>gets started up. Not sure why, yet. I'm working backwards through the code.
>I'll send a report to bugs if you don't. Someone who knows the code can
>probably find this much more quickly than I can (if I can at all).
>Tim.
Example to reproduce the bug:
getmail and IMAP over TLS.
cat getmailrc
[retriever]
type = SimpleIMAPRetriever
server = 127.0.0.1
port = 5555
username = censored
password = censored
[destination]
type = Maildir
path = censored
[options]
delete = false
message_log = censored
***
relayd.conf
$ cat /etc/relayd.conf
tcp protocol proto_wp {
	tls ca file "/etc/ssl/cert.pem"
	tls tlsv1.1
	pass
}
relay connect_to_mail_wp {
	protocol proto_wp
	listen on 127.0.0.1 port 5555
	forward with tls to imap.wp.pl port 993
}
# relayd -d -vvv -f /etc/relayd.conf
startup
socket_rlimit: max open files 1024
relay_load_certfiles: using ca /etc/ssl/cert.pem
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_privinit: adding relay connect_to_mail_wp
protocol 1: name proto_wp
flags: used, relay flags: tls client
tls flags: tlsv1.1, tlsv1.2, cipher-server-preference,
client-renegotiation
type: tcp
pass request
ca_engine_init: using RSA privsep engine
ca_engine_init: using RSA privsep engine
ca_engine_init: using RSA privsep engine
ca_engine_init: using RSA privsep engine
If you comment out "tls ca file", it works,
but of course without certificate verification.
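A quick way to tell the two states apart from the client side, as an added example that is not part of the original report or of relayd: relayd's listener on 127.0.0.1:5555 is plain TCP (the TLS is only on the forward to imap.wp.pl:993), so a working relay hands the client the upstream IMAP "* OK" banner, while a relay that was never added to the relay list gives "connection refused" even though the relayd processes are running. The fake banner server and the "* OK constructed IMAP greeting" text are constructed stand-ins for offline use; the default host and port are the ones from the relayd.conf above.

```python
import socket
import threading


def probe_relay(host="127.0.0.1", port=5555, timeout=3.0):
    """Connect in plaintext to the relayd listener and classify the result.

    Returns (status, banner) where status is one of:
      "refused"     - nothing is bound on host:port; the symptom of this bug
                      (relayd runs, but the relay was never started)
      "greeting"    - the relay accepted and forwarded an IMAP "* OK" banner,
                      so the relay and its TLS forward are working end to end
      "no-greeting" - the port accepted but no IMAP banner arrived (e.g. the
                      forward to port 993 failed and the relay closed on us)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return ("no-greeting", None)
    banner = data.decode("ascii", "replace").strip()
    if banner.startswith("* OK"):
        return ("greeting", banner)
    return ("no-greeting", banner or None)


def start_fake_imap(banner=b"* OK constructed IMAP greeting\r\n"):
    """Constructed stand-in for a working relay: a local listener that sends
    one IMAP banner to the first client and closes.  Not relayd; it only lets
    probe_relay() be exercised offline.  Returns (port, close_fn)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(5.0)

    def serve():
        try:
            conn, _ = srv.accept()
        except (socket.timeout, OSError):
            return
        with conn:
            conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv.close


def unused_port():
    """Pick a local port with nothing listening on it, to reproduce the
    "refused" case that the buggy relayd.conf produces on port 5555."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Against the relayd from this report: "refused" with "tls ca file" set,
    # "greeting" once the line is commented out (and verification is lost).
    status, banner = probe_relay()
    print(status, banner)
```

Run it against the live relayd after `relayd -d -vvv -f /etc/relayd.conf`: "refused" confirms the relay never bound its socket, which matches relayd's own `relay_privinit: adding relay` line not being followed by any listener. Note that "greeting" after removing "tls ca file" only proves the relay is up; it says nothing about whether the upstream certificate was checked, which is exactly what that workaround gives up.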