On Fri, March 25, 2016 10:59 am, trondd wrote:
> On Fri, March 25, 2016 7:15 am, Lampshade wrote:
>>
>> #    tls ca file "/etc/ssl/cert.pem"
>>
>> ca_engine_init: using RSA privsep engine
>> relay_launch: running relay connect_to_mail_wp
>> relay_launch: running relay connect_to_mail_wp
>> relay_launch: running relay connect_to_mail_wp
>> relay connect_to_mail_wp, tls session 1 connected (1 active)
>> relay connect_to_mail_wp, session 1 (1 active), 0, 127.0.0.1 ->
>> 212.77.101.140:993, done
>>
>> ***
>>
>>     tls ca file "/etc/ssl/cert.pem"
>>
>> relay_load_certfiles: using ca /etc/ssl/cert.pem
>>
>> ca_engine_init: using RSA privsep engine
>>
>
> I can confirm that 'ca file' doesn't seem to be working correctly.  I have
> a TLS server and client relay for web traffic.  Without 'ca file' defined,
> I can connect and get relayed through to the backend service.  With 'ca
> file' defined, I can't even complete a connection to relayd.  The initial
> TCP connection happens then it hangs there.  Confirmed via s_client and
> tcpdump.
>
> I'll need to replicate this at home to be able to get more info.
>
> Tim.
>

Started digging into the code.  Definitely a bug somewhere.  When "ca
file" is defined, the relay is never added to the rlay TAILQ and so never
gets started up.  Not sure why, yet.  I'm working backwards through the
code.  I'll send a report to bugs if you don't.  Someone who knows the code
can probably find this much more quickly than I can (if I can at all).

Tim.
