Hello,

A while ago, I implemented server-side ECDSA certificate support in OpenSMTPD.

This was not trivial because OpenSMTPD keeps private keys out of the
network-facing process, meaning that we can't just use the standard
OpenSSL interface: we need a custom engine which knows how to split
operations between two different processes using IPC.

Unfortunately, the engine API diverged between LibreSSL and more recent
OpenSSL versions, so the same engine could not work for both. The
implementation I did was limited to OpenBSD and Linux systems that
shipped LibreSSL.

Someone offered to sponsor me to add support for OpenSSL so...

https://github.com/OpenSMTPD/OpenSMTPD/tree/openssl-ecdsa


If you're interested in EC certificates in OpenSMTPD w/ OpenSSL, please
test this branch and report in this thread if you find issues or if it
works for you.

This branch contains all of the code from the 6.8.0p1-rc1 tag so that if
you test it, you're also helping me prepare the next release.

Cheers,
Gilles

PS: if you want to sponsor this dev a bit too, I'd appreciate it ;-)
