-rw-r--r-- | usr.sbin/relayd/relay.c | 28 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.conf.5 | 25 |
2 files changed, 39 insertions, 14 deletions
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 4962a0551b7..010134ec1d2 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.144 2012/01/21 13:40:48 camield Exp $ */
+/* $OpenBSD: relay.c,v 1.145 2012/03/24 14:48:18 sthen Exp $ */
 /*
 * Copyright (c) 2006, 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -3139,6 +3139,7 @@ int
 relay_load_certfiles(struct relay *rlay)
 {
 struct protocol *proto = rlay->rl_proto;
+ int useport = htons(rlay->rl_conf.port);
 char certfile[PATH_MAX];
 char hbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
@@ -3156,16 +3157,29 @@ relay_load_certfiles(struct relay *rlay)
 return (-1);
 if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/%s.crt", hbuf) == -1)
+ "/etc/ssl/%s:%u.crt", hbuf, useport) == -1)
 return (-1);
 if ((rlay->rl_ssl_cert = relay_load_file(certfile,
- &rlay->rl_conf.ssl_cert_len)) == NULL)
- return (-1);
+ &rlay->rl_conf.ssl_cert_len)) == NULL) {
+ if (snprintf(certfile, sizeof(certfile),
+ "/etc/ssl/%s.crt", hbuf) == -1)
+ return (-1);
+ if ((rlay->rl_ssl_cert = relay_load_file(certfile,
+ &rlay->rl_conf.ssl_cert_len)) == NULL)
+ return (-1);
+ useport = 0;
+ }
 log_debug("%s: using certificate %s", __func__, certfile);
- if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/private/%s.key", hbuf) == -1)
- return -1;
+ if (useport) {
+ if (snprintf(certfile, sizeof(certfile),
+ "/etc/ssl/private/%s:%u.key", hbuf, useport) == -1)
+ return -1;
+ } else {
+ if (snprintf(certfile, sizeof(certfile),
+ "/etc/ssl/private/%s.key", hbuf) == -1)
+ return -1;
+ }
 if ((rlay->rl_ssl_key = relay_load_file(certfile,
 &rlay->rl_conf.ssl_key_len)) == NULL)
 return (-1);
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index e7d3814ce54..6067acb62bf 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
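Review bot: `int useport = htons(rlay->rl_conf.port);` converts with htons() where the value is wanted in host byte order for printing into the file name, and it is declared as a signed int that is later handed to a `%u` conversion. If rl_conf.port is kept in network byte order, as the config parser presumably leaves it (not visible in this hunk), the call only works because htons() and ntohs() perform the same swap, and the name misstates the intent to the next reader. Prefer `u_int useport = ntohs(rlay->rl_conf.port);` so the conversion says what it means and the type matches the format specifier. relay_load_certfiles() begins in this hunk but its body continues well past it.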
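Review bot: The fallback in the new `== NULL) {` branch treats every relay_load_file() failure on `/etc/ssl/address:port.crt` as "file absent" and quietly serves `/etc/ssl/address.crt` instead, so a per-port certificate that exists but is unreadable (wrong mode or owner, short read, I/O error) is silently replaced by the address-wide identity. Only the not-present case should fall through; assuming relay_load_file() leaves errno from its open()/fstat() (its body is not in this diff), add `if (errno != ENOENT) return (-1);` as the first statement of that block, and a log_warnx() so the downgrade is visible in the logs rather than only at `log_debug` level. The key lookup correctly follows `useport`, so an `address:port.crt` that was found is never paired with `address.key`, and a missing `address:port.key` fails the relay instead of falling back. The enclosing function starts before and ends after this hunk.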
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.125 2012/01/20 12:16:41 camield Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.126 2012/03/24 14:48:18 sthen Exp $
 .\"
 .\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
 .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 20 2012 $
+.Dd $Mdocdate: March 24 2012 $
 .Dt RELAYD.CONF 5
 .Os
 .Sh NAME
@@ -632,13 +632,19 @@ If the
 .Ic ssl
 keyword is present, the relay will accept connections using the encrypted SSL protocol.
-The relay will look up a private key in
-.Pa /etc/ssl/private/address.key
+The relay will attempt to look up a private key in
+.Pa /etc/ssl/private/address:port.key
 and a public certificate in
-.Pa /etc/ssl/address.crt ,
+.Pa /etc/ssl/address:port.crt ,
 where
 .Ar address
-is the specified IP address of the relay to listen on.
+is the specified IP address and
+.Ar port
+is the specified port that the relay listens on.
+If these files are not present, the relay will continue to look in
+.Pa /etc/ssl/private/address.key
+and
+.Pa /etc/ssl/address.crt .
 See
 .Xr ssl 8
 for details about SSL server certificates.
@@ -1138,10 +1144,15 @@ configuration file.
 Service name database.
 .Pp
 .It Pa /etc/ssl/address.crt
+.It Pa /etc/ssl/address:port.crt
 .It Pa /etc/ssl/private/address.key
+.It Pa /etc/ssl/private/address:port.key
 Location of the relay SSL server certificates, where
 .Ar address
-is the configured IP address of the relay.
+is the configured IP address
+and
+.Ar port
+is the configured port number of the relay.
 .It Pa /etc/ssl/cert.pem
 Default location of the CA bundle that can be used with
 .Xr relayd 8 .
 |