On Fri, Jul 26, 2019 at 08:19:33AM +0000, Lévai, Dániel wrote:
> Hi all!
>
> Running OpenBSD 6.5-stable, I have this on my relay host:
>
> smtpd.conf:
> ca myCA cert "/path/to/myCA.pem"
>
> listen on egress port submission \
> tls-require verify \
> ca myCA
>
> Now with that I expected that it'll only accept smtp clients that provide a
> certificate signed by myCA, but it turns out it accepts any certificate that
> is trusted based on the default /etc/ssl/certs.pem file.
> Besides (re)moving the stock certs file or any other intrusive/ugly
> workaround, is there any way I could force a CA for those connections?
>

Your expectations are also mine.

Please open an issue on our bug tracker, I'll have a look at it shortly as I
recently did work in that area and it worked as I expected, so I'm a bit
surprised.

--
Gilles Chehade    @poolpOrg
https://www.poolp.org    patreon: https://www.patreon.com/gilles
