-rw-r--r--usr.sbin/smtpd/smtpd.c27
1 files changed, 24 insertions, 3 deletions
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c
index 8abf47dda7e..482f9440740 100644
--- a/usr.sbin/smtpd/smtpd.c
+++ b/usr.sbin/smtpd/smtpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.c,v 1.223 2014/04/29 19:13:13 reyk Exp $ */
+/* $OpenBSD: smtpd.c,v 1.224 2014/04/29 21:04:17 reyk Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -76,6 +76,7 @@ static void purge_task(void);
static void log_imsg(int, int, struct imsg *);
static int parent_auth_user(const char *, const char *);
static void load_pki_tree(void);
+static void load_pki_keys(void);
enum child_type {
CHILD_DAEMON,
@@ -579,6 +580,7 @@ main(int argc, char *argv[])
if (env->sc_opts & SMTPD_OPT_NOACTION) {
load_pki_tree();
+ load_pki_keys();
fprintf(stderr, "configuration OK\n");
exit(0);
}
@@ -691,8 +693,6 @@ load_pki_tree(void)
if (! ssl_load_certificate(pki, pki->pki_cert_file))
fatalx("load_pki_tree: failed to load certificate file");
- if (! ssl_load_keyfile(pki, pki->pki_key_file, k))
- fatalx("load_pki_tree: failed to load key file");
if (pki->pki_ca_file)
if (! ssl_load_cafile(pki, pki->pki_ca_file))
@@ -703,6 +703,23 @@ load_pki_tree(void)
}
}
+void
+load_pki_keys(void)
+{
+ struct pki *pki;
+ const char *k;
+ void *iter_dict;
+
+ log_debug("debug: init ssl-tree");
+ iter_dict = NULL;
+ while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&pki)) {
+ log_debug("info: loading pki keys for %s", k);
+
+ if (! ssl_load_keyfile(pki, pki->pki_key_file, k))
+ fatalx("load_pki_keys: failed to load key file");
+ }
+}
+
static void
fork_peers(void)
{
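Review bot: The definition `void load_pki_keys(void)` drops the `static` that the prototype added near the top of the file carries. Linkage stays internal because of that earlier declaration, but it reads as an exported symbol and differs from `static void fork_peers(void)` directly below, so it should be written `static void`. The opening `log_debug("debug: init ssl-tree")` looks carried over from load_pki_tree and says nothing about keys; `log_debug("debug: loading pki keys")` would describe what the loop does. The fatalx text also never names the entry that failed, and `k` only appears in a debug-level line, so a `log_warnx("warn: failed to load key file for %s", k);` just before the fatalx would keep the failing pki name in normal logs.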
@@ -728,6 +745,10 @@ post_fork(int proc)
close(control_socket);
control_socket = -1;
}
+
+ if (proc == PROC_LKA) {
+ load_pki_keys();
+ }
}
struct child *
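Review bot: The new `if (proc == PROC_LKA)` branch reads private key files inside the child, but nothing visible in this hunk shows whether post_fork runs before or after that process changes root or drops privileges. If it runs afterwards, ssl_load_keyfile would be opening key files as an unprivileged user and any configuration with a pki entry would end in fatalx at startup. The ordering this relies on deserves a comment on the branch, for example `/* private keys are loaded only in lka; must happen while the key files are still readable */`. The commit appears intended to keep key material out of the other processes, and stating that here would stop a later change from moving the call back before the fork. post_fork begins outside the hunk.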