On 2023-10-09, Peter N. M. Hansteen <pe...@bsdly.net> wrote:
> On Mon, Oct 09, 2023 at 06:42:02PM +0200, Noth wrote:
>>
>> I upgraded to 7.4 via CVS on my VMs but not my routers (yet). The 7.3
>> routers are still able to connect via TLS but the 7.4 VMs can't as they
>> don't like the self signed certs. It'd be nice if this was in the
>> upgrade74.html with some explanation of why this changed.
>
> Actually, if you built from source from a recent -current (HEAD) checkout,
> what you got was just that: something that is close to what will be
> 7.4-release, (a matter of weeks if not days), but not actually
> 7.4-release or -stable.

cvs head is beyond 7.4. the tree has been tagged with OPENBSD_7_4_BASE
but as usual it may still be re-tagged before release day.

>> Is my path to getting all this working again the way it was to use Let's
>> Encrypt certificates?

any chance you previously had added certs to /etc/ssl/cert.pem but lost
that when upgrading?

> It's hard to tell the exact cause of your problem since you do not provide
> crucial data such as any error messages that would appear in a log
> somewhere.

if there's nothing useful from syslogd, try connecting with nc -vvc on
the relevant machines too. (there was no relevant change to syslogd
since 7.3. there were changes to the various TLS libs but they should
affect nc as well and errors may be easier to see there).

> We also do not know much about your configuration or what requirements the
> setup is supposed to fill. But sure, in quite a number of situations
> auto-renewing Let's Encrypt certificates would be a serviceable solution.

using self-signed certs and requiring a specific cert (via syslogd's -C
option) is certainly a valid configuration too.

--
Please keep replies on the mailing list.