From: Kirill A. Korinsky
Subject: Re: relayd: support explicit paths for keypair
To: rafael@sizeofvoid.org, tech@openbsd.org
Date: Sat, 09 May 2026 20:50:13 +0200

On Sat, 09 May 2026 19:21:10 +0200,
Kirill A. Korinsky wrote:
>
> On Sat, 09 May 2026 19:06:00 +0200,
> Rafael Sadowski wrote:
> >
> >
> > This is the correct syntax:
> >
> > tls keypair xxx cert /etc/ssl/test.crt
> > tls keypair xxx key /etc/ssl/private/test.key
> >
> >
>
> Well, I read the line
>
> keypair name [cert path [key path [ocsp path]]]
>
> from the man page like cert/key/ocsp should be on one line and the ocsp path might be
> specified only when cert and key exist.

claudio@ pointed out that the path should be in "..." and it works.

I like it and am OK with making explicit in the man page that:
- path should be in "...";
- cert/key/ocsp should be on dedicated lines.

or rework the parser to support an unquoted path.

>
> Anyway, I've tried your suggested syntax and it doesn't work:
>
> relayd $ doas stat /etc/ssl/test.crt
> 1088 78678 -rw-r--r-- 1 root wheel 342741 1980 "Mar 29 22:28:46 2026" "Mar 29 22:28:46 2026" "Mar 29 22:30:11 2026" 16384 4 0 /etc/ssl/test.crt
> relayd $ doas stat /etc/ssl/private/test.key
> 1088 78675 -rw-r--r-- 1 root wheel 327156 3272 "Mar 29 22:28:46 2026" "Mar 29 22:28:46 2026" "Mar 29 22:28:46 2026" 16384 8 0 /etc/ssl/private/test.key
> relayd $ make
> relayd $ cat relayd.conf
> table { 127.0.0.1 }
>
> http protocol https {
>     tls keypair xxx cert /etc/ssl/test.crt
>     tls keypair xxx key /etc/ssl/private/test.key
> }
>
> relay https {
>     listen on egress port 443 tls
>     protocol https
>
>     forward to port 80
> }
> relayd $ doas ./obj/relayd -n -f relayd.conf
> relayd.conf:4: syntax error
> relayd.conf:10: no such protocol: https
> no actions, nothing to do
> relayd $
>
>
> --
> wbr, Kirill
>

--
wbr, Kirill