relayd: support explicit paths for keypair
On Sat, 09 May 2026 19:21:10 +0200,
Kirill A. Korinsky <kirill@korins.ky> wrote:
>
> On Sat, 09 May 2026 19:06:00 +0200,
> Rafael Sadowski <rafael@sizeofvoid.org> wrote:
> >
> >
> > This is the correct syntax:
> >
> > tls keypair xxx cert /etc/ssl/test.crt
> > tls keypair xxx key /etc/ssl/private/test.key
> >
> >
> >
>
> Well, I read the line
>
> keypair name [cert path [key path [ocsp path]]]
>
> from the man page as if cert/key/ocsp should be on one line and the ocsp path might be
> specified only when cert and key exist.
claudio@ pointed out that the path should be in "..." and it works.
I like it and am OK with making it explicit in the man page that:
- the path should be in "...";
- cert/key/ocsp should be on dedicated lines.
or rework the parser to support unquoted paths.
>
> Anyway, I've tried your suggested syntax and it doesn't work:
>
> relayd $ doas stat /etc/ssl/test.crt
> 1088 78678 -rw-r--r-- 1 root wheel 342741 1980 "Mar 29 22:28:46 2026" "Mar 29 22:28:46 2026" "Mar 29 22:30:11 2026" 16384 4 0 /etc/ssl/test.crt
> relayd $ doas stat /etc/ssl/private/test.key
> 1088 78675 -rw-r--r-- 1 root wheel 327156 3272 "Mar 29 22:28:46 2026" "Mar 29 22:28:46 2026" "Mar 29 22:28:46 2026" 16384 8 0 /etc/ssl/private/test.key
> relayd $ make
> relayd $ cat relayd.conf
> table <httpd> { 127.0.0.1 }
>
> http protocol https {
> tls keypair xxx cert /etc/ssl/test.crt
> tls keypair xxx key /etc/ssl/private/test.key
> }
>
> relay https {
> listen on egress port 443 tls
> protocol https
>
> forward to <httpd> port 80
> }
> relayd $ doas ./obj/relayd -n -f relayd.conf
> relayd.conf:4: syntax error
> relayd.conf:10: no such protocol: https
> no actions, nothing to do
> relayd $
>
>
> --
> wbr, Kirill
>
--
wbr, Kirill