inn & ssl again
Carlo Kok
ck at carlo-kok.com
Fri Oct 3 19:13:40 UTC 2003
Carlo Kok wrote:
> I tried INN with SSL, so far I have the CERT file (with both certificate
> and private key in it) and put it in the .../inn-ssl/lib/ dir.
> With owner: news:news / chmod 700 ...
> and starting it as user "news" with:
> ./nnrpd -D -f -S -p 11563
>
> I get:
>
> Oct 3 19:39:45 linux nnrpd[7902]: bad ownership or permissions on
> private key '/sites/inn-ssl/lib/cert.pem'
> Oct 3 19:39:45 linux nnrpd[7902]: error initializing TLS: [CA_file: ]
> [CA_path: /sites/inn-ssl/lib] [cert_file: /sites/inn-ssl/lib/cert.pem]
> [key_file: /sites/inn-ssl/lib/cert.pem]
>
> If I change it to root:root (And run it as root):
> Oct 3 19:48:25 linux nnrpd[8470]: unable to get certificate from
> '/sites/inn-ssl/lib/cert.pem'
> Oct 3 19:48:25 linux nnrpd[8470]: error initializing TLS: [CA_file: ]
> [CA_path: /sites/inn-ssl/lib] [cert_file: /sites/inn-ssl/lib/cert.pem]
> [key_file: /sites/inn-ssl/lib/cert.pem]
>
> What am I missing, also should nnrpd really be running as root?
Oke, found it by looking at the cvs for inn (tsl.c), for those that have
trouble with nnrpd with ssl, it works perfectly if ran from inetd/xinetd
as news/news user when the cert is chmod'd 600 (owner news:news)
Carlo Kok
More information about the inn-workers
mailing list