Commit Briefs
remove the useless logging methods
it makes more clear where the magic is. adapted from the smtpd' ca.c diff.
macos' clang is retarded
thinks rsa and ecdsa may be used un-initialized... if we enter the branch with fatalx(). sigh
simplify check
brought to my attention by gcc who isn't smart enough to figure out that `ret' is always set.
avoid arithmetic on void pointers (GNU extension)
not really sold on this one, I don't see what other interpretation could be given, but it's not standard so...
add a privsep crypto engine
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way).