[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: SSL, certs, and conserver (fix included)

Chris Ross cross+conserver@distal.com
Wed, 19 Oct 2005 11:57:56 -0700 (PDT)

Bryan Stansell wrote:

well, i'm seriously lacking on ideas.  can you show me a 'conserver -V',
so i know how it was compiled, etc?  and can you make sure that you're
using one version of conserver (not picking up the wrong binary because
of multiple installs or a $PATH issue or something)?  and perhaps the
conserver.cf (with whatever you want made generic).  or, better yet, if
you point conserver to the test/test1.cf config file and try things with
that, does it produce the same issue?

Okay. I did the latter. The conserver -V produces:

conserver: conserver.com version 8.1.12 conserver: default access type `r' conserver: default escape sequence `^Ec' conserver: default configuration in `/etc/conserver/conserver.cf' conserver: default password in `/etc/conserver/conserver.passwd' conserver: default logfile is `/var/log/conserver' conserver: default pidfile is `/var/run/conserver.pid' conserver: default limit is 16 members per group conserver: default primary port referenced as `782' conserver: default secondary base port referenced as `0' conserver: options: libwrap, openssl, pam conserver: openssl version: OpenSSL 0.9.7d 17 Mar 2004 conserver: built with `./configure --sysconfdir=/etc/conserver --prefix=/usr/local --with-openssl=/usr/sfw --with-pam --with-libwrap --with-port=782 --with-master=sesirm-console'

  But, despite the --with-openssl, I whacked the makefile
so that it built with a libssl.a and libcrypto.a that I
built.  ldd confirms it doesn't link with the Solaris
libssl.so and libcrypto.so (solaris doesn't ship .a
versions of those libs).

When I run it with test/test1.cf, it says:

# /usr/local/sbin/conserver -C /tmp/conserver-8.1.12/test/test1.cf [Wed Oct 19 14:48:46 2005] conserver (6010): conserver.com version 8.1.12 [Wed Oct 19 14:48:46 2005] conserver (6010): started as `root' by `cross' [Wed Oct 19 14:50:19 2005] conserver (6010): ERROR: FileSSLAccept(): SSL error on fd 5 ^C[Wed Oct 19 14:51:03 2005] conserver (6010): terminated #


  That ERROR line was produced when I ran the client, as
follows:

% /usr/local/bin/console -x
sesirm-console: access from your host refused
% /usr/local/bin/console -M 127.0.0.1 -x
console: SSL negotiation failed
%

  Obviously, only the second one succeeded, and produced
the error listed above.

  I don't know if this helps at all, or not.  If
you can suggest to me where in the code I should
start debugging, I can do that.  I'm pretty good
at code, but could use a pointer as to where to
start sticking in the debugging printf's.  :-)

- Chris

Follow-Ups:
- Re: SSL, certs, and conserver (fix included), Chris Ross

References:
- Re: SSL, certs, and conserver (fix included), Chris Ross
- Re: SSL, certs, and conserver (fix included), Bryan Stansell
- Re: SSL, certs, and conserver (fix included), Chris Ross
- Re: SSL, certs, and conserver (fix included), Chris Ross
- Re: SSL, certs, and conserver (fix included), Bryan Stansell

Prev by Date: Re: SSL, certs, and conserver (fix included)
Next by Date: Re: SSL, certs, and conserver (fix included)
Prev by Thread: Re: SSL, certs, and conserver (fix included)
Next by Thread: Re: SSL, certs, and conserver (fix included)
Messages sorted by: [Date] [Thread]