INN and OpenSSL 0.9.7

Russ Allbery rra at stanford.edu
Thu Jan 2 19:11:23 UTC 2003


Erik Klavon <erik at eriq.org> writes:

> While upgrading to the newest release of OpenSSL today, I encountered a
> problem with nnrpd in CURRENT. My previous sasl.conf was:

> tls_ca_path:            /news/lib
> tls_cert_file:          /news/lib/thawte.pem
> tls_key_file:           /news/lib/thawte.pem

> (The file thawte.pem is just the private key and certificate
> cated). This was using 0.9.6h. After upgrading to OpenSSL 0.9.7, this
> config failed to work with the following line logged:

> error initializing TLS: [CA_file: ] [CA_path: /news/lib] [cert_file:
> /news/lib/thawte.pem] [key_file: /news/lib/thawte.pem]). 

> Changing my sasl.conf to

> tls_ca_path:            /news/lib
> tls_cert_file:          /news/lib/thawte.crt
> tls_key_file:           /news/lib/thawte.key

> fixed the problem. I tried using this same config with the older version
> of nnrpd using the previous version of OpenSSL, and it failed in the
> same way as above.

Hm.  I'm not sure on this one.

I've never gotten the PEM thing to work with either Stunnel or with
Apache, and have always used the separate .cert and .key files instead, so
I don't know much about how that's supposed to work.  But strange that
that didn't work with the old build.

We did change some things with the OpenSSL support, but it mostly involved
moving bits of code around, not changing them (except for the change to
ephemeral Diffie-Hellman instead of ephemeral RSA).  So I'm wondering if
something changed in OpenSSL between 0.9.7 and 0.9.6h.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
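
Splitting a combined PEM file into the separate certificate and key files used in the working sasl.conf quoted above, as an added example (not code from this thread or from INN). The function names are hypothetical and the sample PEM bodies are constructed placeholders, not real key material.

```python
import os
import re
import tempfile

# Matches one PEM block and captures its label (e.g. "CERTIFICATE", "RSA PRIVATE KEY").
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

def split_pem(text):
    """Return (certificate_blocks, private_key_blocks) found in a combined PEM string."""
    certs, keys = [], []
    for match in PEM_BLOCK.finditer(text):
        label = match.group(1)
        if label.endswith("PRIVATE KEY"):
            keys.append(match.group(0))
        elif label == "CERTIFICATE":
            certs.append(match.group(0))
    return certs, keys

def write_split(combined_path, cert_path, key_path):
    """Write the certificate(s) and the single private key to separate files."""
    with open(combined_path) as handle:
        certs, keys = split_pem(handle.read())
    if not certs or len(keys) != 1:
        raise ValueError(f"need >=1 certificate and exactly 1 key, got {len(certs)}/{len(keys)}")
    with open(cert_path, "w") as handle:
        handle.write("\n".join(certs) + "\n")
    # Create a new key file owner-only (0600) at open time, so the private
    # key is never briefly readable by other local users.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(keys[0] + "\n")
    return len(certs), len(keys)

# Constructed sample: placeholder base64 bodies, not real key material.
SAMPLE = (
    "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nU0FNUExF\n-----END CERTIFICATE-----\n"
)

def demo():
    """Split SAMPLE in a temp directory; return (cert count, key count, key file mode)."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, n) for n in ("thawte.pem", "thawte.crt", "thawte.key")]
        with open(paths[0], "w") as handle:
            handle.write(SAMPLE)
        n_certs, n_keys = write_split(*paths)
        return n_certs, n_keys, os.stat(paths[2]).st_mode & 0o777
```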

