Hi Gilles,

Did you by any chance have time to look at #926? Is there something wrong with my setup or is this a kind of a regression? Thanks for any info on this!
Dani

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, 26 July 2019 13:51, Gilles Chehade <[email protected]> wrote:

> On Fri, Jul 26, 2019 at 08:19:33AM +0000, Lévai, Dániel wrote:
>
> > Hi all!
> > Running OpenBSD 6.5-stable, I have this on my relay host:
> > smtpd.conf:
> > ca myCA cert "/path/to/myCA.pem"
> > listen on egress port submission \
> > tls-require verify \
> > ca myCA
> > Now with that I expected that it'll only accept smtp clients that provide a
> > certificate signed by myCA, but it turns out it accepts any certificate
> > that is trusted based on the default /etc/ssl/certs.pem file.
> > Besides (re)moving the stock certs file or any other intrusive/ugly
> > workaround, is there any way I could force a CA for those connections?
>
> Your expectations are also mine.
>
> Please open an issue on our bug tracker, I'll have a look at it shortly
> as I recently did work in that area and it worked as I expected, so I'm
> a bit surprised.
>
> --
> Gilles Chehade @poolpOrg
> https://www.poolp.org patreon: https://www.patreon.com/gilles
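
The difference between the expected and the reported behaviour can be reproduced offline with openssl(1). This is an added example, not part of the thread and not OpenSMTPD code: it models the listener's trust decision with `openssl verify`, and the CA and client names (`myCA`, `otherCA`, `good`, `stranger`) are constructed throwaway values, with `otherCA` standing in for any CA present in /etc/ssl/certs.pem.

```shell
#!/bin/sh
# Added example: constructed throwaway CAs, not the poster's real files.
# Requires the openssl(1) command-line tool.
WORK=$(mktemp -d)

# make_ca NAME: self-signed CA key and certificate in $WORK/NAME.{key,pem}
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_client NAME CA: client certificate NAME signed by CA
make_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$WORK/$1.csr" \
        -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" -CAcreateserial \
        -out "$WORK/$1.pem" 2>/dev/null
}

# accepted_by BUNDLE CERT: succeeds only if CERT chains to a CA in BUNDLE
accepted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca myCA                   # the private CA named in smtpd.conf
make_ca otherCA                # stands in for a CA from the default bundle
make_client good myCA          # client the listener should accept
make_client stranger otherCA   # client the listener should refuse

# Expected behaviour: the only trust anchor is myCA.
PINNED="$WORK/myCA.pem"
# Reported behaviour, modelled: the default bundle is consulted as well.
MERGED="$WORK/merged.pem"
cat "$WORK/myCA.pem" "$WORK/otherCA.pem" > "$MERGED"

for bundle in "$PINNED" "$MERGED"; do
    for c in good stranger; do
        if accepted_by "$bundle" "$WORK/$c.pem"; then r=accepted; else r=rejected; fi
        echo "$(basename "$bundle"): $c $r"
    done
done
```

A listener that enforces the CA should behave like the `myCA.pem` rows: `stranger` is rejected even though its chain is otherwise valid.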
