inn & ssl again

Carlo Kok ck at carlo-kok.com
Fri Oct 3 19:13:40 UTC 2003


Carlo Kok wrote:
> I tried INN with SSL, so far I have the CERT file (with both certificate 
> and private key in it) and put it in the .../inn-ssl/lib/ dir.
> With owner: news:news / chmod 700 ...
> and starting it as user "news" with:
> ./nnrpd -D -f -S -p 11563
> 
> I get:
> 
> Oct  3 19:39:45 linux nnrpd[7902]: bad ownership or permissions on 
> private key '/sites/inn-ssl/lib/cert.pem'
> Oct  3 19:39:45 linux nnrpd[7902]: error initializing TLS: [CA_file: ] 
> [CA_path: /sites/inn-ssl/lib] [cert_file: /sites/inn-ssl/lib/cert.pem]
> [key_file: /sites/inn-ssl/lib/cert.pem]
> 
> If I change it to root:root (And run it as root):
> Oct  3 19:48:25 linux nnrpd[8470]: unable to get certificate from 
> '/sites/inn-ssl/lib/cert.pem'
> Oct  3 19:48:25 linux nnrpd[8470]: error initializing TLS: [CA_file: ] 
> [CA_path: /sites/inn-ssl/lib] [cert_file: /sites/inn-ssl/lib/cert.pem] 
> [key_file: /sites/inn-ssl/lib/cert.pem]
> 
> What am I missing, also should nnrpd really be running as root?

Oke, found it by looking at the cvs for inn (tsl.c), for those that have 
trouble with nnrpd with ssl, it works perfectly if ran from inetd/xinetd 
as news/news user when the cert is chmod'd 600 (owner news:news)


Carlo Kok




More information about the inn-workers mailing list