inn 2.4.0 and SSL certificates
Sergio Rodriguez de Guzman Martinez
srodriguez at corenetworks.org
Thu Jul 31 09:25:08 UTC 2003
Hi,
I think I have found a bug with INN and SSL:
When making the certificate from the make cert command (on Makefile):
    ## Install a certificate for TLS/SSL support.
    cert:
            $(SSLBIN)/openssl req -new -x509 -nodes \
                -out $(PATHLIB)/cert.pem -days 366 \
                -keyout $(PATHLIB)/cert.pem
            chown $(NEWSUSER) $(PATHLIB)/cert.pem
            chgrp $(NEWSGROUP) $(PATHLIB)/cert.pem
            chmod 640 $(PATHLIB)/cert.pem
The permissions are 640 for cert.pem, but in nnrpd/tls.c (line 421)
    if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) != 0 ||
        buf.st_uid != getuid()) {
        syslog(L_ERROR, "bad ownership or permissions on private key '%s'",
               cert_file);
        return (0);
    }
you are checking the permissions with & 0077 so: 0640 & 0077 gives TRUE
and you get that annoying error.
Just changing the permissions of the cert file to 600 solves the problem.
Anyway, thanks for such a great job.
Note for the Debian maintainer:
Please, change the README.Debian:
chmod 600 /etc/news/nnrpd-key.pem
chown news:news /etc/news/nnrpd-key.pem
and the line 1 is wrong:
"To enable SSL you need to start /etc/news/bin/nnrpd-ssl with the -S"
you need to start /usr/lib/news/nnrpd-ssl with -S
Sergio.
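
The mode test discussed in the message above, as an added example that is not part of the original post or of INN's source: it applies the same three conditions as the quoted tls.c excerpt to a scratch file under several modes. The function names key_perms_ok and check_mode and the /tmp scratch path are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Same conditions as the quoted tls.c excerpt: regular file, no
 * group/other permission bits, owned by the calling user.
 * Returns 1 if the key file would be accepted, 0 if rejected. */
static int key_perms_ok(const struct stat *st)
{
    return S_ISREG(st->st_mode) && (st->st_mode & 0077) == 0 &&
           st->st_uid == getuid();
}

/* Create a scratch file, set it to `mode`, and run the check on it.
 * Returns 1 (accepted), 0 (rejected) or -1 on an I/O error. */
int check_mode(mode_t mode)
{
    char path[] = "/tmp/keycheck-XXXXXX";  /* constructed scratch file */
    struct stat st;
    int fd = mkstemp(path), ok = -1;

    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) == 0 && fstat(fd, &st) == 0)
        ok = key_perms_ok(&st);
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    /* 0640 is what "make cert" sets; 0600 is the mode that works. */
    static const mode_t modes[] = { 0600, 0400, 0640, 0644, 0660 };

    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++) {
        int ok = check_mode(modes[i]);
        printf("%04o & 0077 = %04o -> %s\n", (unsigned)modes[i],
               (unsigned)(modes[i] & 0077),
               ok == 1 ? "accepted" : ok == 0 ? "rejected" : "error");
    }
    return 0;
}
```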