diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2014-04-29 19:13:15 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2014-04-29 19:13:15 +0000 |
| commit | e7701d1ab687bebc394f5ebf60b4273c79debc6b (patch) | |
| tree | 4cc3988715b5f784485b152815e9dac67c3799b6 /usr.sbin/smtpd/pony.c | |
| parent | 37790797bff794cb8568109494b4219ce0efe114 (diff) | |
Implement RSA privilege separation for OpenSMTPD, based on my previous
implementation for relayd(8). The smtpd(8) pony processes (mta
client, smtp server) don't keep the private keys in memory but send
their private key operations as imsgs to the "lookup"/mta process.
It's worth mentioning that this prevents acidental private key leakage
as it could have been caused by "Heartbleed".
ok gilles@
Diffstat (limited to 'usr.sbin/smtpd/pony.c')
| -rw-r--r-- | usr.sbin/smtpd/pony.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/smtpd/pony.c b/usr.sbin/smtpd/pony.c index cd8b353662e..2b3e59226ed 100644 --- a/usr.sbin/smtpd/pony.c +++ b/usr.sbin/smtpd/pony.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pony.c,v 1.2 2014/04/09 18:55:19 eric Exp $ */ +/* $OpenBSD: pony.c,v 1.3 2014/04/29 19:13:13 reyk Exp $ */ /* * Copyright (c) 2014 Gilles Chehade <gilles@poolp.org> @@ -213,6 +213,8 @@ pony(void) config_peer(PROC_CONTROL); config_done(); + ca_engine_init(); + if (event_dispatch() < 0) fatal("event_dispatch"); pony_shutdown(); |