config.m4: Present a LetsEncrypt certificate to external clients.

author Mark Wooding <mdw@distorted.org.uk>

Tue, 26 Jun 2018 15:48:54 +0000 (16:48 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Tue, 3 Jul 2018 21:04:59 +0000 (22:04 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Tue, 26 Jun 2018 15:48:54 +0000 (16:48 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Tue, 3 Jul 2018 21:04:59 +0000 (22:04 +0100)
diff --git a/config.m4 b/config.m4

index db6b966df2c9d31b7e325c30020850a55c0014ca..a9b30b891c27fbc1e8b1e0be5827883e1c7787e2 100644 (file)
--- a/config.m4
+++ b/config.m4
@@ -80,7 +80,11 @@ DEFCONF(relay_clients, <m4_dnl
  )
  
  ## TLS certificate list.
  )
  
  ## TLS certificate list.
-DEFCONF(certlist, CONF_sysconf_dir/server.certlist)
+DEFCONF(certlist,
+<:m4_ifelse(t, m4_ifelse(MODE, hub, nil, MODE, srv, nil, t),
+<:CONF_sysconf_dir/server.certlist:>,
+<:CONF_sysconf_dir/${if match_ip{$sender_host_address}{+trusted} \
+       {server}{letsencrypt}}.certlist:>):>)
  
  ## TLS-related settings.  We're assuming GNUTLS here, rather than OpenSSL.
  ## For local connections we are very strict.  For random clients, we try
  
  ## TLS-related settings.  We're assuming GNUTLS here, rather than OpenSSL.
  ## For local connections we are very strict.  For random clients, we try
author	Mark Wooding <mdw@distorted.org.uk>
	Tue, 26 Jun 2018 15:48:54 +0000 (16:48 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Tue, 3 Jul 2018 21:04:59 +0000 (22:04 +0100)