diff options
-rw-r--r-- | usr.sbin/smtpd/smtpd.c | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c index 8abf47dda7e..482f9440740 100644 --- a/usr.sbin/smtpd/smtpd.c +++ b/usr.sbin/smtpd/smtpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.c,v 1.223 2014/04/29 19:13:13 reyk Exp $ */ +/* $OpenBSD: smtpd.c,v 1.224 2014/04/29 21:04:17 reyk Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -76,6 +76,7 @@ static void purge_task(void); static void log_imsg(int, int, struct imsg *); static int parent_auth_user(const char *, const char *); static void load_pki_tree(void); +static void load_pki_keys(void); enum child_type { CHILD_DAEMON, @@ -579,6 +580,7 @@ main(int argc, char *argv[]) if (env->sc_opts & SMTPD_OPT_NOACTION) { load_pki_tree(); + load_pki_keys(); fprintf(stderr, "configuration OK\n"); exit(0); } @@ -691,8 +693,6 @@ load_pki_tree(void) if (! ssl_load_certificate(pki, pki->pki_cert_file)) fatalx("load_pki_tree: failed to load certificate file"); - if (! ssl_load_keyfile(pki, pki->pki_key_file, k)) - fatalx("load_pki_tree: failed to load key file"); if (pki->pki_ca_file) if (! ssl_load_cafile(pki, pki->pki_ca_file)) @@ -703,6 +703,23 @@ load_pki_tree(void) } } +void +load_pki_keys(void) +{ + struct pki *pki; + const char *k; + void *iter_dict; + + log_debug("debug: init ssl-tree"); + iter_dict = NULL; + while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&pki)) { + log_debug("info: loading pki keys for %s", k); + + if (! ssl_load_keyfile(pki, pki->pki_key_file, k)) + fatalx("load_pki_keys: failed to load key file"); + } +} + static void fork_peers(void) { @@ -728,6 +745,10 @@ post_fork(int proc) close(control_socket); control_socket = -1; } + + if (proc == PROC_LKA) { + load_pki_keys(); + } } struct child * |