1 files changed, 19 insertions, 1 deletions

diff --git a/usr.sbin/relayd/config.c b/usr.sbin/relayd/config.c
index ce1eb2bfe0d..2b8a308a969 100644
--- a/usr.sbin/relayd/config.c
+++ b/usr.sbin/relayd/config.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: config.c,v 1.39 2019/06/01 09:54:19 reyk Exp $	*/
+/*	$OpenBSD: config.c,v 1.40 2019/06/26 12:13:47 reyk Exp $	*/
 
 /*
  * Copyright (c) 2011 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -903,6 +903,16 @@ config_setrelay(struct relayd *env, struct relay *rlay)
 					    rlay->rl_conf.name);
 					return (-1);
 				}
+				if (id == PROC_RELAY &&
+				    cert->cert_ocsp_fd != -1 &&
+				    config_setrelayfd(ps, id, n,
+				    cert->cert_id, cert->cert_relayid,
+				    RELAY_FD_OCSP, cert->cert_ocsp_fd) == -1) {
+					log_warn("%s: fd passing failed for "
+					    "`%s'", __func__,
+					    rlay->rl_conf.name);
+					return (-1);
+				}
 				if (id == PROC_CA &&
 				    cert->cert_key_fd != -1 &&
 				    config_setrelayfd(ps, id, n,
@@ -992,6 +1002,10 @@ config_setrelay(struct relayd *env, struct relay *rlay)
 			close(cert->cert_key_fd);
 			cert->cert_key_fd = -1;
 		}
+		if (cert->cert_ocsp_fd != -1) {
+			close(cert->cert_ocsp_fd);
+			cert->cert_ocsp_fd = -1;
+		}
 	}
 
 	return (0);
@@ -1113,6 +1127,7 @@ config_getrelayfd(struct relayd *env, struct imsg *imsg)
 	switch (crfd.type) {
 	case RELAY_FD_CERT:
 	case RELAY_FD_KEY:
+	case RELAY_FD_OCSP:
 		if ((cert = cert_find(env, crfd.id)) == NULL) {
 			if ((cert = cert_add(env, crfd.id)) == NULL)
 				return (-1);
@@ -1134,6 +1149,9 @@ config_getrelayfd(struct relayd *env, struct imsg *imsg)
 	case RELAY_FD_KEY:
 		cert->cert_key_fd = imsg->fd;
 		break;
+	case RELAY_FD_OCSP:
+		cert->cert_ocsp_fd = imsg->fd;
+		break;
 	case RELAY_FD_CACERT:
 		rlay->rl_tls_ca_fd = imsg->fd;
 		break;