From: Jan Schreiber <jes@posteo.de>
Subject: Re: httpd: support encrypted tls server keys
To: Christian Schulte <cs@schulte.it>, tech@openbsd.org
Date: Fri, 20 Feb 2026 15:32:50 +0000



On 2/18/26 02:52, Christian Schulte wrote:
> Am 15.02.2026 um 15:45 schrieb Jan Schreiber:
>> While there I notices relayd also never calls check_file_secrecy.
>> So the ca key password will also be visible in the relayd.conf
>>
>> If it's the right way I'll send an additional diff for relayd in another
>> thread.
> Maybe a bug [1].
>
> [1] <https://marc.info/?l=openbsd-bugs&m=177138197714945>
>
Looks to me it either was forgotten or abandoned. I think it's a good 
idea to check every config
for the right permissions by default (by removing the additional integer.
What do you think? If it's something that is useful I'm happy to extend 
my patchset (or start a new one).