nnrpd: can't bind (Invalid argument)
Jim Davis
jdavis at CS.Arizona.EDU
Mon Sep 13 22:06:51 UTC 2004
Forrest Aldrich wrote:
> For nnrpd+ssl I installed a self-signed cert. I went to test and I see
> this in the logs:
>
>
> Sep 13 13:51:17 news nnrpd[30442]: error initializing TLS: [CA_file:
> /usr/local/news/lib/cert.pem] [CA_path: /usr/local/news/lib] [cert_file:
> /usr/local/news/lib/cert.pem] [key_file: /usr/local/news/lib/cert.pem]
We're using self-signed certs too -- as with anything SSL the file
permissions are fussy. Something like
-rw------- 1 news news 2335 Jan 21 2004 /usr/local/news/lib/cert.pem
works here. Well, my news client (Mozilla Thunderbird) grumbles about
the self-signed nature, but after telling it to accept the certificate
everything's copasetic.
> Sep 13 13:52:35 news nnrpd[30448]: starttls: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits) no authentication
> Sep 13 13:52:35 news nnrpd[30448]: myserver.com (xx.xx.xx.106) connect
>
> It's not clear to me that SSL is working with the message "no
> authentication". How can we tell if this is actually working and not
> falling back to normal nnrpd.
Running tcpdump -i your-favorite-interface tcp port 563 on the server
should show traffic (or not).
More information about the inn-workers
mailing list