artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1249177) | patch
Implement RSA privilege separation for OpenSMTPD, based on my previous
authorreyk <reyk@openbsd.org>
Tue, 29 Apr 2014 19:13:13 +0000 (19:13 +0000)
committerreyk <reyk@openbsd.org>
Tue, 29 Apr 2014 19:13:13 +0000 (19:13 +0000)
commitc4df3bf27090249fec8edcd55b8fb30d01283bdf
tree2f94cd3b55eb64e6b7eb78707ed8554773f80c62tree | snapshot
parent1249177580e91cb4476836a604cfbb1fd56d87eccommit | diff
Implement RSA privilege separation for OpenSMTPD, based on my previous
implementation for relayd(8).  The smtpd(8) pony processes (mta
client, smtp server) don't keep the private keys in memory but send
their private key operations as imsgs to the "lookup"/mta process.
It's worth mentioning that this prevents acidental private key leakage
as it could have been caused by "Heartbleed".

ok gilles@
14 files changed:
usr.sbin/smtpd/ca.c diff | blob | history
usr.sbin/smtpd/config.c diff | blob | history
usr.sbin/smtpd/lka.c diff | blob | history
usr.sbin/smtpd/mproc.c diff | blob | history
usr.sbin/smtpd/mta_session.c diff | blob | history
usr.sbin/smtpd/pony.c diff | blob | history
usr.sbin/smtpd/smtp.c diff | blob | history
usr.sbin/smtpd/smtp_session.c diff | blob | history
usr.sbin/smtpd/smtpd.c diff | blob | history
usr.sbin/smtpd/smtpd.h diff | blob | history
usr.sbin/smtpd/ssl.c diff | blob | history
usr.sbin/smtpd/ssl.h diff | blob | history
usr.sbin/smtpd/ssl_privsep.c diff | blob | history
usr.sbin/smtpd/ssl_smtpd.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim