Document 'smtps verify' in smtpd.conf(5)
Josh Rickmar <jrick@zettaport.com> wrote: > 'listen on ... smtps' has an optional verify option to require valid > client certificates, just like tls-require. looks good to me; ok op@ but please give gilles@ some time to chime in. > diff /usr/src > path + /usr/src > commit - 688324ca4b6c1798f8866b037dac8edbf1d58395 > blob - 910f94f7c91be7a95bb15e72eadabb9b207d84bd > file + usr.sbin/smtpd/smtpd.conf.5 > --- usr.sbin/smtpd/smtpd.conf.5 > +++ usr.sbin/smtpd/smtpd.conf.5 > @@ -530,10 +530,14 @@ In addition, if the > option is provided, > the From header is rewritten > to match the sender provided in the SMTP session. > -.It Cm smtps > +.It Cm smtps Op Cm verify > Support SMTPS, by default on port 465. > Mutually exclusive with > .Cm tls . > +With the > +.Cm verify > +option, clients must also provide a valid certificate > +to establish an SMTP session. > .It Cm tag Ar tag > Clients connecting to the listener are tagged with the given > .Ar tag .
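Review bot: In the added sentence under `.It Cm smtps Op Cm verify`, "clients must also provide a valid certificate" has a dangling "also", and "valid" is left undefined. The smtps item states no other client-side requirement for "also" to refer to, so the sentence reads more cleanly as "clients must provide a valid certificate to establish an SMTP session." Because this option decides whether a client is admitted at all, the entry should say what the certificate is validated against, or point to the part of the page that does. The visible text names neither a CA source nor what happens to a client that presents no certificate.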