Incorrect setting of tls_key_file in sasl.conf
Ian Steele
ian.steele at mileywatts.com
Tue Oct 10 09:34:03 UTC 2006
Hi,
This isn't a bug as such, but more of a mismatch in the way openssl
works and the INN default configuration...
I recently installed INN 2.4.3 (compiled from source on RHES4) and
enabled SSL in readers.conf. I created a certificate as described in
"SSL SUPPORT" at
http://www.eyrie.org/~eagle/software/inn/docs/nnrpd.html#S4 but was
unable to connect from my news reader. I found the following error in
log/news.err:-
nnrpd[28452]: unable to get private key from '/usr/local/news/lib/cert.pem'
nnrpd[28452]: error initializing TLS: [CA_file: ] [CA_path:
/usr/local/news/lib] [cert_file: /usr/local/news/lib/cert.pem]
[key_file: /usr/local/news/lib/cert.pem]
The problem I found was that tls_key_file was pointing at cert.pem, not
key.pem, so changing tls_key_file in sasl.conf to point at
/usr/local/news/lib/key.pem fixed the problem.
I guess either the FAQ should be updated or the default sasl.conf file.
Best regards,
Ian Steele,
Senior Partner,
Miley Watts LLP,
http://www.mileywatts.com
More information about the inn-bugs
mailing list