Incorrect setting of tls_key_file in sasl.conf

Ian Steele ian.steele at
Tue Oct 10 09:34:03 UTC 2006


This isn't a bug as such, but more of a mismatch in the way openssl 
works and the INN default configuration...

I recently installed INN 2.4.3 (compiled from source on RHES4) and 
enabled SSL in readers.conf.  I created a certificate as described in 
"SSL SUPPORT" at but was 
unable to connect from my news reader.  I found the following error in 

nnrpd[28452]: unable to get private key from '/usr/local/news/lib/cert.pem'
nnrpd[28452]: error initializing TLS: [CA_file: ] [CA_path: 
/usr/local/news/lib] [cert_file: /usr/local/news/lib/cert.pem] 
[key_file: /usr/local/news/lib/cert.pem]

The problem I found was that tls_key_file was pointing at cert.pem, not 
key.pem, so changing tls_key_file in sasl.conf to point at 
/usr/local/news/lib/key.pem fixed the problem.

I guess either the FAQ should be updated or the default sasl.conf file.

Best regards,

Ian Steele,
Senior Partner,
Miley Watts LLP,

More information about the inn-bugs mailing list